Validate rule

post

{scheme}://{server}/v0/rules/validate

Validate a rule (MQL, YAML fields, etc). When run against the sandbox or analyzer, no auth is needed but custom lists etc will not be available.

Recent Requests

Time	Status	User Agent
Retrieving recent requests…

Loading…

Body Params

action_ids

array of strings

IDs of actions to run when the rule is triggered

action_ids

active

boolean

Activate the rule immediately

attack_types

array of strings

Rule attack types

attack_types

authors

array of objects

Rule authors. Defaults to the user that made the request

authors

auto_review_auto_share

boolean

Whether auto-reviewed messages will be shared

auto_review_classification

string | null

The classification auto-reviewed messages will have, when an auto-review action is associated with the rule

description

string

Description of rule

detection_methods

array of strings

Rule detection technologies

detection_methods

false_positives

array of strings

Descriptions of known false positives that could occur

false_positives

internal_type

string | null

For core feed only

label

string | null

Rule label

maturity

string | null

Rule maturity

name

string

required

Rule name

references

array of strings

URL references

references

run_triage_on_excluded_messages

boolean | null

For Triage rules only, whether this rule will run even if the message matched a global exclusion.

severity

string | null

Rule severity

source

string

required

Source

tactics_and_techniques

array of strings

Rule tactics and techniques

tactics_and_techniques

tags

triage_abuse_reports

boolean | null

For Triage rules only, whether this rule will run for reported messages. For triage rules, one triage_ field must be true.

triage_classification_changes

boolean | null

For Triage rules only, whether this rule will run for messages whose classification has just changed. For triage rules, one triage_ field must be true.

triage_dlp_rule_matched

boolean | null

For Triage rules only, whether this rule will run for messages that matched a DLP rule. For triage rules, one triage_ field must be true.

triage_flagged_messages

boolean | null

For Triage rules only, whether this rule will run for messages which flagged. For triage rules, one triage_ field must be true.

type

string

enum

Type of the rule

Allowed:

user_provided_tags

array of strings

User-provided tags

user_provided_tags

Response

Language

Credentials

Bearer

URL

Loading…

Response

Choose an example:

application/json

200OK