You can delete a prevention rule using a new request with blank values or a request with the DELETE parameter. POST and DELETE HTTP methods are used to create requests.
Command syntax for a new request
Command settings are passed in the body of the request in JSON format.
curl -k --cert <path to TLS certificate file> --key <path to private key file> -X POST "<URL of Central Node server>:<port, 443 by default>/kata/response_api/v1/<external_system_id>/settings?sensor_id=<sensor_id or all, if you want to delete the prevention rule for all hosts>&settings_type=prevention" -H 'Content-Type: application/json' -d '
{
"settings": {
"objects": []
}
}
'
Command syntax with the DELETE parameter
curl -k --cert <path to TLS certificate file> --key <path to private key file> -X DELETE "<URL of Central Node server>:<port, 443 by default>/kata/response_api/v1/<external_system_id>/settings?sensor_id=<sensor_id or all, if you want to delete the prevention rule for all hosts>&settings_type=prevention"
Settings
Parameter |
Type |
Description |
---|---|---|
|
UUID |
Unique ID of the external system used for authorization in Kaspersky Anti Targeted Attack Platform. |
|
UUID |
Unique ID of the host with the Endpoint Agent component |
Example of command for a new request
|
Example of entering a command with the DELETE parameter
|
If the request is processed successfully, the prevention rule is deleted.
To verify that the prevention rule is deleted, make a request for information about the prevention rule using the HTTP GET method.
Example of entering a command with the GET parameter
|
If the prevention rule was deleted, Kaspersky Anti Targeted Attack Platform returns a response to the external system in the following format:
{ "error": "Not Found" } |
Returned value
Return code |
Description |
---|---|
|
Incorrect parameters. |
|
Authorization required. |
|
Specified hosts with the Endpoint Agent component not found. |
|
Internal server error. Repeat the request later. |