Rulesets REST Interface

Data and limitations

The ruleset data is the internal representation of the ruleset object and is subject to change without notice.

You can’t change rulesets via the REST interface, and you can’t delete them. POST commands on an URL like /application/APPUUID/rulesets/RULESETUUID always return an error code 409. PUT and DELETE also always fail and return an error code 409.

However, you can, for example, export a ruleset and import it into multiple other applications to duplicate it.

Getting a list of rulesets for an application

Request

Method GET

URL /applications/APPUUID/rulesets/

Arguments –

Method	GET
URL	/applications/APPUUID/rulesets/
Arguments	–

Response

Return code	Arguments	Meaning
200	{RULEUUID1: VERSION, RULEUUID2: VERSION }	list of rulesets for the given application successfully returned as a dictionary containing the ruleset UUIDs as keys and the representative version numbers as values
401	-	no login
403	-	not enough rights
404	-	application not found
500	-	internal server error

Example

The following request retrieves a list of all rulesets for the application that has the UUID “f011694d47d73578-3c0581461472821ff8d0c3a8c007d88c”. Note that you don’t use the application name in the request, but this UUID.

In this case, there is only one ruleset available.

$ curl -u admin:admin -H 'Content-Type: application/json' http://127.0.0.1:8087/api/af/2.0/applications/f011694d47d73578-3c0581461472821ff8d0c3a8c007d88c/rulesets { "__name": "rulesets", "__path": "/api/af/2.0/applications/f011694d47d73578-3c0581461472821ff8d0c3a8c007d88c/rulesets/", "__subnodes": [ "127.0.0.1:8083:f011694d47d73578-1a7bfe29b480dac5575de4bc15d85a6f:1" ], "rulesets": { "127.0.0.1:8083:f011694d47d73578-1a7bfe29b480dac5575de4bc15d85a6f:1": 1 } }

Getting a ruleset BLOB

Request

Method GET

URL /applications/APPUUID/rulesets/RULEUUID

Arguments –

Method	GET
URL	/applications/APPUUID/rulesets/RULEUUID
Arguments	–

Response

Return code	Arguments	Meaning
200	{ RULESETDATA }	ruleset successfully returned as a dictionary containing all ruleset data
401	-	no login
403	-	not enough rights
404	-	application or ruleset not found
500	-	internal server error

Example

The following request retrieves the data of the ruleset with the UUID "127.0.0.1:8083:f011694d47d73578-1a7bfe29b480dac5575de4bc15d85a6f:1", which is a ruleset for the application "f011694d47d73578-3c0581461472821ff8d0c3a8c007d88c".

(In the example, the response is truncated.)

$ curl -u admin:admin -H 'Content-Type: application/json' http://127.0.0.1:8087/api/af/2.0/applications/f011694d47d73578-3c0581461472821ff8d0c3a8c007d88c/rulesets/127.0.0.1:8083:f011694d47d73578-1a7bfe29b480dac5575de4bc15d85a6f:1 { "__name": "127.0.0.1:8083:f011694d47d73578-1a7bfe29b480dac5575de4bc15d85a6f:1", "__path": "/api/af/2.0/applications/f011694d47d73578-3c0581461472821ff8d0c3a8c007d88c/rulesets/127.0.0.1:8083:f011694d47d73578-1a7bfe29b480dac5575de4bc15d85a6f:1/", "__subnodes": [], "baseline_config": {}, "changelog": [], "comment": "", "db_last_modified_timestamp": 1347292036, "db_last_modified_userid": "unknown", "global_handler": [ { "ConfigItems": [ { "db_last_modified_userid": "unknown", "description": "Enable Shortcut Handler", "is_inherited": true, "name": "enabled", "owner": [], "type": "boolean" }, .... } ], "global_timestamp": "00000000000000dc-127.0.0.1:8083-f011694d47d73578-d9a8f3dd4119ea7f200fd9b4acd624a1-1347292036", "handler": [ { "ConfigItems": [ { "db_last_modified_userid": "unknown", "description": "Enable this handler", "is_inherited": true, "name": "enabled", "owner": [], "type": "boolean" }, .... } ], "last_modified": 1347292036, "name": "initial ruleset", "owner": [], "rules": [ { "db_last_modified_userid": "unknown", "handler": [ { "ConfigItems": [ { "db_last_modified_userid": "unknown", "description": "Enable this handler", "is_inherited": true, "name": "enabled", "owner": [], "type": "boolean" }, .... ], "name": "/.*", "owner": [], "selector": [ { "ConfigItems": [ { "db_last_modified_userid": "unknown", "description": "Selection based on hostname", "is_inherited": true, "name": "enabled", "owner": [], "type": "boolean" }, .... ] } ], "version": 1 }

Adding a ruleset

Request

Method POST

URL /applications/APPUUID/rulesets/

Arguments { RULESETDATA }

To activate the added ruleset you need to change the fields logonly_ruleset_version and active_ruleset_version for the application that is to use this ruleset. See Applications REST Interface .

Method	POST
URL	/applications/APPUUID/rulesets/
Arguments	{ RULESETDATA }

Response

Return code	Arguments	Meaning
200	RULESETUUID	ruleset with the given UUID successfully added
401	-	no login
403	-	not enough rights
404	-	application not found
409	-	malformed, conflicting, or missing data
500	-	internal server error