Kaspersky Anti Targeted Attack (KATA) Platform

Request to delete a prevention rule

April 2, 2024

ID 227588

You can delete a prevention rule using a new request with blank values or a request with the DELETE parameter. POST and DELETE HTTP methods are used to create requests.

Command syntax for a new request

Command settings are passed in the body of the request in JSON format.

curl -k --cert <path to TLS certificate file> --key <path to private key file> -X POST "<URL of Central Node server>:<port, 443 by default>/kata/response_api/v1/<external_system_id>/settings?sensor_id=<sensor_id or all, if you want to delete the prevention rule for all hosts>&settings_type=prevention" -H 'Content-Type: application/json' -d '
{
    "settings": {
        "objects": []
    }
}
'

Command syntax with the DELETE parameter

curl -k --cert <path to TLS certificate file> --key <path to private key file> -X DELETE "<URL of Central Node server>:<port, 443 by default>/kata/response_api/v1/<external_system_id>/settings?sensor_id=<sensor_id or all, if you want to delete the prevention rule for all hosts>&settings_type=prevention"

Settings

| Parameter | Type | Description |
|---|---|---|
| external_system_id | UUID | Unique ID of the external system used for authorization in Kaspersky Anti Targeted Attack Platform. |
| sensor_id | UUID | Unique ID of the host with the Endpoint Agent component. |

Example of command for a new request

curl -k --cert <path to TLS certificate file> --key <path to private key file> -X POST "https://10.10.0.22:443/kata/response_api/v1/15301050-0490-4A41-81EA-B0391CF21EF3/settings?sensor_id=all&settings_type=prevention" -H 'Content-Type: application/json' -d '
{
    "settings": {
        "objects": []
    }
}
'

Example of entering a command with the DELETE parameter

curl -k --cert <path to TLS certificate file> --key <path to private key file> -X DELETE "https://10.10.0.22:443/kata/response_api/v1/15301050-0490-4A41-81EA-B0391CF21EF3/settings?sensor_id=all&settings_type=prevention"

If the request is processed successfully, the prevention rule is deleted.

To verify that the prevention rule is deleted, make a request for information about the prevention rule using the HTTP GET method.

Example of entering a command with the GET parameter

curl -k --cert <path to TLS certificate file> --key <path to private key file> -X GET "https://10.10.0.22:443/kata/response_api/v1/15301050-0490-4A41-81EA-B0391CF21EF3/settings?sensor_id=all&settings_type=prevention" | python -m json.tool

If the prevention rule was deleted, Kaspersky Anti Targeted Attack Platform returns a response to the external system in the following format:

{
    "error": "Not Found"
}

Returned value

| Return code | Description |
|---|---|
| 400 | Incorrect parameters. |
| 401 | Authorization required. |
| 404 | Specified hosts with the Endpoint Agent component not found. |
| 500, 502, 503, 504 | Internal server error. Repeat the request later. |
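
The delete-then-verify procedure above as a script, added here as an example and not taken from Kaspersky's documentation: it validates the IDs before building the URL, handles the return codes from the table, and verifies the Central Node certificate with --cacert instead of disabling verification with -k. The function names and the KATA_CA, KATA_CERT and KATA_KEY environment variables are assumptions, as is treating any 2xx status as success, because the page lists only error codes.

```shell
#!/bin/sh
# Added example, not vendor code. KATA_CA, KATA_CERT and KATA_KEY are assumed
# environment variables: CA bundle for the Central Node, client cert, client key.

# True if $1 is a canonical 36-character UUID.
is_uuid() {
  [ "${#1}" -eq 36 ] && printf '%s\n' "$1" |
    grep -Eqx '[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}'
}

# Build the settings URL. IDs must be a UUID (sensor_id may also be "all"), so
# nothing unexpected is spliced into the path or query string.
kata_settings_url() {  # args: host:port external_system_id sensor_id
  is_uuid "$2" || return 1
  [ "$3" = all ] || is_uuid "$3" || return 1
  printf 'https://%s/kata/response_api/v1/%s/settings?sensor_id=%s&settings_type=prevention\n' "$1" "$2" "$3"
}

# Map an HTTP status to an action, following the page's return-code table.
kata_classify() {
  case "$1" in
    2??) echo ok ;;                  # assumption: success is reported as 2xx
    400) echo bad-parameters ;;
    401) echo unauthorized ;;
    404) echo not-found ;;
    500|502|503|504) echo retry ;;   # "Repeat the request later"
    *) echo unexpected ;;
  esac
}

# True if a GET body is the {"error": "Not Found"} document (whitespace ignored).
kata_rule_absent() {
  printf '%s' "$1" | tr -d ' \t\r\n' | grep -Fqx '{"error":"NotFound"}'
}

# Delete the prevention rule, retry on 5xx, then confirm the deletion with a GET.
kata_delete_rule() {  # args: host:port external_system_id sensor_id
  url=$(kata_settings_url "$@") || { echo 'invalid ID' >&2; return 2; }
  for attempt in 1 2 3; do
    code=$(curl -sS --cacert "$KATA_CA" --cert "$KATA_CERT" --key "$KATA_KEY" \
      -o /dev/null -w '%{http_code}' -X DELETE "$url") || return 3
    action=$(kata_classify "$code")
    [ "$action" = retry ] || break
    sleep $((attempt * 5))
  done
  [ "$action" = ok ] || { echo "DELETE failed: HTTP $code ($action)" >&2; return 1; }
  body=$(curl -sS --cacert "$KATA_CA" --cert "$KATA_CERT" --key "$KATA_KEY" "$url") || return 3
  kata_rule_absent "$body"
}
```

Call it as kata_delete_rule 10.10.0.22:443 <external_system_id> all; a zero exit status means the DELETE succeeded and the follow-up GET returned the "Not Found" response.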
