Request to create a prevention rule
8 November 2023
ID 227449
To create the request, the HTTP POST method is used. Command settings are passed in the body of the request in JSON format.
Command syntax
curl -k --<path to TLS certificate file> --key <path to private key file> -X POST "<URL of Central Node server>:<port, 443 by default>/kata/response_api/v1/<external_system_id>/settings?sensor_id=<sensor_id or all, if you want to create the prevention rule for all hosts>&settings_type=prevention" -H 'Content-Type: application/json' -d '
{
"settings": {
"objects": [
{
"file": {
"<sha256 or md5>": "<SHA256- or MD5-hash of the file that you want to prevent from starting>"
}
},
{
"file": {
"<sha256 or md5>": "<SHA256- or MD5-hash of the file that you want to prevent from starting>"
}
'
If the request is processed successfully, the prevention rule is added. The prevention rule becomes active at the moment when it is added.
If necessary, you can delete the prevention rule.
Settings
Parameter | Type | Description |
|---|---|---|
| UUID | Unique ID of the external system used for authorization in Kaspersky Anti Targeted Attack Platform. |
| UUID | Unique ID of the host with the Endpoint Agent component |
| string | Type of the object that you want to prevent from running. Possible value of the parameter: file. |
| string | SHA256 or MD5 has of the object that you want to prevent from running. |
Example of entering a command with switches
|
Returned value
Return code | Description |
|---|---|
| Operation completed successfully. |
| Incorrect parameters. |
| Authorization required. |
| Specified hosts with the Endpoint Agent component not found. |
| Internal server error. Repeat the request later. |
