Request to create a prevention rule

To create the request, the HTTP POST method is used. Command settings are passed in the body of the request in JSON format.

Command syntax

curl -k --cert <path to TLS certificate file> --key <path to private key file> -X POST "<URL of Central Node server>:<port, 443 by default>/kata/response_api/v1/<external_system_id>/settings?sensor_id=<sensor_id or all, if you want to create the prevention rule for all hosts>&settings_type=prevention" -H 'Content-Type: application/json' -d '

{

"settings": {

"objects": [

{

"file": {

"<sha256 or md5>": "<SHA256- or MD5-hash of the file that you want to prevent from starting>"

}

},

{

"file": {

"<sha256 or md5>": "<SHA256- or MD5-hash of the file that you want to prevent from starting>"

}

}

]

}

}

'

If the request is processed successfully, the prevention rule is added. The prevention rule becomes active at the moment when it is added.

If necessary, you can delete the prevention rule.

Settings

Parameter

Type

Description

external_system_id

UUID

Unique ID of the external system used for authorization in Kaspersky Anti Targeted Attack Platform.

sensor_id

UUID

Unique ID of the host with the Endpoint Agent component

objects

string

Type of the object that you want to prevent from running.

Possible value of the parameter: file.

sha256 or md5

string

SHA256 or MD5 has of the object that you want to prevent from running.

Example of entering a command with switches

curl -k --cert <path to TLS certificate file> --key <path to private key file> -X POST "https://10.10.0.22:443/kata/response_api/v1/15301050-0490-4A41-81EA-B0391CF21EF3/settings?sensor_id=all&settings_type=prevention" -H 'Content-Type: application/json' -d '

{

"settings": {

"objects": [

{

"file": {

"sha256": "830195824b742ee59390bc5b9302688c778fc95a64e7d597e28a74c03a04dd63"

}

},

{

"file": {

"md5": "d8e577bf078c45954f4531885478d5a9"

}

}

]

}

}

'

Response

HTTP code: 200

Format: JSON

type Response []Objects

 

type Objects struct {

type file struct {

SHA256 string `json:"sha256"`

},

type file struct {

MD5 string `json:"md5"`

}

}

Returned value

Return code

Description

400

Incorrect parameters.

401

Authorization required.

404

Specified hosts with the Endpoint Agent component not found.

500, 502, 503, 504

Internal server error. Repeat the request later.

Page top