Computer Log Inspection Rule Details

Describe a log inspection rule

get/computers/{computerID}/loginspection/rules/{logInspectionRuleID}

Describe a log inspection rule including computer-level overrides.

Related SDK Methods:
Java

ComputerLogInspectionRuleDetailsApi.describeLogInspectionRuleOnComputer([param1, param2, ...])

Python

ComputerLogInspectionRuleDetailsApi.describe_log_inspection_rule_on_computer([param1, param2, ...])

JavaScript

ComputerLogInspectionRuleDetailsApi.describeLogInspectionRuleOnComputer([param1, param2, ...])

Request
path Parameters
computerID
required
integer <int32> \d+

The ID number of the computer.

Example: 1
logInspectionRuleID
required
integer <int32> \d+

The ID number of the log inspection rule.

Example: 1
query Parameters
overrides
boolean

Show only overrides defined for the current computer.

header Parameters
api-version
required
string

The version of the API being called.

Example: YOUR VERSION
Responses
200

successful operation

403

Not authorized to view the computer.

404

The computer or log inspection rule does not exist.

Request samples
import com.trendmicro.deepsecurity.ApiClient;
import com.trendmicro.deepsecurity.Configuration;
import com.trendmicro.deepsecurity.auth.ApiKeyAuth;
import com.trendmicro.deepsecurity.ApiException;
import com.trendmicro.deepsecurity.api.ComputerLogInspectionRuleDetailsApi;
import com.trendmicro.deepsecurity.model.LogInspectionRule;


public class DescribeLogInspectionRuleOnComputerExample {
	
	public static void main(String[] args) {
		// Setup
		ApiClient defaultClient = Configuration.getDefaultApiClient();
		defaultClient.setBasePath("YOUR HOST");

		// Authentication
		ApiKeyAuth DefaultAuthentication = (ApiKeyAuth) defaultClient.getAuthentication("DefaultAuthentication");
		DefaultAuthentication.setApiKey("YOUR API KEY");
		try {
			defaultClient.trustAllCertificates(false);
		} catch (Exception e) {
			System.err.println("An exception occurred when calling ApiClient.trustAllCertificates");
			e.printStackTrace();
		}
		
		// Initialization
		// Set Any Required Values
		ComputerLogInspectionRuleDetailsApi instance = new ComputerLogInspectionRuleDetailsApi();
		Integer computerID = 1;
		Integer logInspectionRuleID = 1;
		Boolean overrides = false;
		String apiVersion = "YOUR VERSION";
		try {
			// Please replace the parameter values with yours
			LogInspectionRule result = instance.describeLogInspectionRuleOnComputer(computerID, logInspectionRuleID, overrides, apiVersion);
			System.out.println(result);
		} catch (ApiException e) {
			System.err.println("An exception occurred when calling ComputerLogInspectionRuleDetailsApi.describeLogInspectionRuleOnComputer");
			e.printStackTrace();
		}
	}
}

Response samples
application/json
{
  "name": "string",
  "description": "string",
  "minimumAgentVersion": "string",
  "minimumManagerVersion": "string",
  "type": "string",
  "originalIssue": 0,
  "lastUpdated": 0,
  "identifier": "string",
  "template": "basic-rule",
  "ruleID": 0,
  "level": 0,
  "groups": [],
  "ruleDescription": "string",
  "pattern": "string",
  "patternType": "string",
  "dependency": "none",
  "dependencyRuleID": 0,
  "dependencyGroup": "string",
  "frequency": 0,
  "timeFrame": 0,
  "ruleXML": "string",
  "logFiles": {},
  "alertEnabled": true,
  "alertMinimumSeverity": 0,
  "recommendationsMode": "enabled",
  "sortOrder": 0,
  "canBeAssignedAlone": true,
  "dependsOnRuleIDs": [],
  "ID": 0
}

Modify a log inspection rule

post/computers/{computerID}/loginspection/rules/{logInspectionRuleID}

Modify a log inspection rule assigned to a computer. Any unset elements will be left unchanged.

Related SDK Methods:
Java

ComputerLogInspectionRuleDetailsApi.modifyLogInspectionRuleOnComputer([param1, param2, ...])

Python

ComputerLogInspectionRuleDetailsApi.modify_log_inspection_rule_on_computer([param1, param2, ...])

JavaScript

ComputerLogInspectionRuleDetailsApi.modifyLogInspectionRuleOnComputer([param1, param2, ...])

Request
path Parameters
computerID
required
integer <int32> \d+

The ID number of the computer.

Example: 1
logInspectionRuleID
required
integer <int32> \d+

The ID number of the log inspection rule to modify.

Example: 1
query Parameters
overrides
boolean

Show only overrides defined for the current computer.

header Parameters
api-version
required
string

The version of the API being called.

Example: YOUR VERSION
Request Body schema: application/json

The settings of the log inspection rule to modify.

alertEnabled
boolean

Controls whether to raise an alert when a LogInspectionRule logs an event. Use true to raise an alert. Searchable as Boolean.

alertMinimumSeverity
integer <int32>

Severity level that will trigger an alert. Ignored unless ruleXML contains multiple rules with different severities, and so you must indicate which severity level to use. Searchable as Numeric.

dependency
string

Indicates whether a dependent rule or dependency group is set. If set, the LogInspectionRule will only log an event if the dependency is triggered. Available for user-defined rules.

Enum: "none" "rule" "group"
dependencyGroup
string

If dependency is configured, the dependency groups that this rule depends on.

dependencyRuleID
integer <int32>

If dependency is configured, the ID of the rule that this rule depends on. Ignored if the rule is from Trend Micro, which uses dependsOnRuleIDs instead.

description
string

Description of the LogInspectionRule that appears in search results, and on the General tab in the Deep Security Manager user interface. Searchable as String.

frequency
integer <int32>

Number of times the dependent rule has to match within a specific time frame before the rule is triggered.

groups
Array of strings

Groups that the LogInspectionRule is assigned to, separated by commas. Useful when dependency is used as it's possible to create a LogInspectionRule that fires when another LogInspectionRule belonging to a specific group fires.

identifier
string

Identifier of the LogInspectionRule used in the Deep Security Manager user interface. Searchable as String.

lastUpdated
integer <int64>

Update timestamp of the LogInspectionRule, measured in milliseconds since epoch. Searchable as Date.

level
integer <int32>

Log level of the LogInspectionRule, indicating the severity of the attack. Level 0 is the least severe and will not log an event. Level 15 is the most severe.

logFiles
object (LogFiles)
minimumAgentVersion
string

Minimum Deep Security Agent version required by the LogInspectionRule. Searchable as String.

minimumManagerVersion
string

Minimum Deep Security Manager version required by the LogInspectionRule. Searchable as String.

name
string

Name of the LogInspectionRule. Searchable as String.

originalIssue
integer <int64>

Creation timestamp of the LogInspectionRule, measured in milliseconds since epoch. Searchable as Date.

pattern
string

Regular expression pattern the LogInspectionRule will look for in the logs. The rule will be triggered on a match. Open Source HIDS Security (OSSEC) regular expression syntax is supported, see http://www.ossec.net/docs/syntax/regex.html.

patternType
string

Type of pattern the LogInspectionRule will look for in the logs. String matching is faster than regular expression matching.

Enum: "string" "regex"
recommendationsMode
string

Indicates whether recommendation scans consider the LogInspectionRule. Can be set to enabled or ignored. Custom rules cannot be recommended. Searchable as Choice.

Enum: "enabled" "ignored" "unknown" "disabled"
ruleDescription
string

Description of the LogInspectionRule that appears on events and the Content tab in the Deep Security Manager user interface. Alternatively, you can configure this by inserting a description in 'ruleXML'.

ruleID
integer <int32>

ID of the LogInspectionRule sent to the Deep Security Agent. The values 100000 - 109999 are reserved for user-defined rules.

ruleXML
string

LogInspectionRule in an XML format. For information on the XML format, see http://ossec-docs.readthedocs.io/en/latest/syntax/head_rules.html.

sortOrder
integer <int32>

Order in which LogInspectionRules are sent to the Deep Security Agent. Log inspection rules are sent in ascending order. Valid values are between 10000 and 20000.

template
string

Template used to create this rule.

Enum: "basic-rule" "custom"
timeFrame
integer <int32>

Time period for the frequency of LogInspectionRule triggers that will generate an event, in seconds.

type
string

Type of the LogInspectionRule. The value 'Defined' is used for LogInspectionRules provided by Trend Micro. Searchable as String.
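As an added example (not part of the Deep Security documentation or its SDK), the checks below encode the constraints stated in this request-body schema and build the smallest modify body for a computer-level override, since unset elements are left unchanged. CURRENT_RULE is a constructed sample, not a rule from any real manager.

```python
from typing import Any, Dict, List
# Field names, enums and numeric ranges taken from the request-body schema above.
MODIFIABLE = {
    "alertEnabled", "alertMinimumSeverity", "dependency", "dependencyGroup", "dependencyRuleID",
    "description", "frequency", "groups", "identifier", "lastUpdated", "level", "logFiles",
    "minimumAgentVersion", "minimumManagerVersion", "name", "originalIssue", "pattern",
    "patternType", "recommendationsMode", "ruleDescription", "ruleID", "ruleXML", "sortOrder",
    "template", "timeFrame", "type",
}
ENUMS = {
    "dependency": {"none", "rule", "group"},
    "patternType": {"string", "regex"},
    "recommendationsMode": {"enabled", "ignored", "unknown", "disabled"},
    "template": {"basic-rule", "custom"},
}
USER_RULE_IDS = range(100000, 110000)  # 100000-109999 are reserved for user-defined rules
SORT_ORDERS = range(10000, 20001)      # valid sortOrder is between 10000 and 20000
LEVELS = range(0, 16)                  # level 0 never logs an event, 15 is the most severe

def validate_modify_body(body: Dict[str, Any]) -> List[str]:
    """Return the problems found; an empty list means the body passes every check."""
    problems = [f"{k}: not a modifiable field" for k in body if k not in MODIFIABLE]
    for key, allowed in ENUMS.items():
        if key in body and body[key] not in allowed:
            problems.append(f"{key}: {body[key]!r} not in {sorted(allowed)}")
    # The ruleID range applies to user-defined rules; type 'Defined' marks Trend Micro rules.
    rule_id = body.get("ruleID")
    if rule_id is not None and body.get("type") != "Defined" and rule_id not in USER_RULE_IDS:
        problems.append("ruleID: user-defined rules must use 100000-109999")
    if body.get("sortOrder") is not None and body["sortOrder"] not in SORT_ORDERS:
        problems.append("sortOrder: must be between 10000 and 20000")
    if body.get("level") is not None and body["level"] not in LEVELS:
        problems.append("level: must be 0-15")
    dep = body.get("dependency", "none")
    if dep == "rule" and not body.get("dependencyRuleID"):
        problems.append("dependency=rule requires dependencyRuleID")
    if dep == "group" and not body.get("dependencyGroup"):
        problems.append("dependency=group requires dependencyGroup")
    if (body.get("frequency") is None) != (body.get("timeFrame") is None):
        problems.append("frequency and timeFrame must be set together")
    return problems

def override_body(current: Dict[str, Any], desired: Dict[str, Any]) -> Dict[str, Any]:
    """Keep only modifiable fields that differ from the described rule; the rest stay unchanged."""
    return {k: v for k, v in desired.items() if k in MODIFIABLE and current.get(k) != v}

# Constructed sample: a user-defined rule as the describe endpoint might return it (not real data).
CURRENT_RULE = {"ID": 1, "ruleID": 100001, "name": "ssh-auth-failures", "type": "Custom", "level": 5,
                "alertEnabled": False, "sortOrder": 15000, "patternType": "string", "dependency": "none"}
```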

Responses
200

successful operation

403

Not authorized to modify the computer or the requested modification is not permitted.

404

The computer or log inspection rule does not exist.

Request samples
application/json
{
  "name": "string",
  "description": "string",
  "minimumAgentVersion": "string",
  "minimumManagerVersion": "string",
  "type": "string",
  "originalIssue": 0,
  "lastUpdated": 0,
  "identifier": "string",
  "template": "basic-rule",
  "ruleID": 0,
  "level": 0,
  "groups": [],
  "ruleDescription": "string",
  "pattern": "string",
  "patternType": "string",
  "dependency": "none",
  "dependencyRuleID": 0,
  "dependencyGroup": "string",
  "frequency": 0,
  "timeFrame": 0,
  "ruleXML": "string",
  "logFiles": {},
  "alertEnabled": true,
  "alertMinimumSeverity": 0,
  "recommendationsMode": "enabled",
  "sortOrder": 0
}
Response samples
application/json
{
  "name": "string",
  "description": "string",
  "minimumAgentVersion": "string",
  "minimumManagerVersion": "string",
  "type": "string",
  "originalIssue": 0,
  "lastUpdated": 0,
  "identifier": "string",
  "template": "basic-rule",
  "ruleID": 0,
  "level": 0,
  "groups": [],
  "ruleDescription": "string",
  "pattern": "string",
  "patternType": "string",
  "dependency": "none",
  "dependencyRuleID": 0,
  "dependencyGroup": "string",
  "frequency": 0,
  "timeFrame": 0,
  "ruleXML": "string",
  "logFiles": {},
  "alertEnabled": true,
  "alertMinimumSeverity": 0,
  "recommendationsMode": "enabled",
  "sortOrder": 0,
  "canBeAssignedAlone": true,
  "dependsOnRuleIDs": [],
  "ID": 0
}

Reset log inspection rule overrides

delete/computers/{computerID}/loginspection/rules/{logInspectionRuleID}

Remove all overrides for a log inspection rule from a computer.

Related SDK Methods:
Java

ComputerLogInspectionRuleDetailsApi.resetLogInspectionRuleOnComputer([param1, param2, ...])

Python

ComputerLogInspectionRuleDetailsApi.reset_log_inspection_rule_on_computer([param1, param2, ...])

JavaScript

ComputerLogInspectionRuleDetailsApi.resetLogInspectionRuleOnComputer([param1, param2, ...])

Request
path Parameters
computerID
required
integer <int32> \d+

The ID number of the computer.

Example: 1
logInspectionRuleID
required
integer <int32> \d+

The ID number of the log inspection rule to reset.

Example: 1
query Parameters
overrides
boolean

Show only overrides defined for the current computer.

header Parameters
api-version
required
string

The version of the API being called.

Example: YOUR VERSION
Responses
200

successful operation

403

Not authorized to modify the computer.

404

The computer does not exist.

Request samples
import com.trendmicro.deepsecurity.ApiClient;
import com.trendmicro.deepsecurity.Configuration;
import com.trendmicro.deepsecurity.auth.ApiKeyAuth;
import com.trendmicro.deepsecurity.ApiException;
import com.trendmicro.deepsecurity.api.ComputerLogInspectionRuleDetailsApi;
import com.trendmicro.deepsecurity.model.LogInspectionRule;


public class ResetLogInspectionRuleOnComputerExample {
	
	public static void main(String[] args) {
		// Setup
		ApiClient defaultClient = Configuration.getDefaultApiClient();
		defaultClient.setBasePath("YOUR HOST");

		// Authentication
		ApiKeyAuth DefaultAuthentication = (ApiKeyAuth) defaultClient.getAuthentication("DefaultAuthentication");
		DefaultAuthentication.setApiKey("YOUR API KEY");
		try {
			defaultClient.trustAllCertificates(false);
		} catch (Exception e) {
			System.err.println("An exception occurred when calling ApiClient.trustAllCertificates");
			e.printStackTrace();
		}
		
		// Initialization
		// Set Any Required Values
		ComputerLogInspectionRuleDetailsApi instance = new ComputerLogInspectionRuleDetailsApi();
		Integer computerID = 1;
		Integer logInspectionRuleID = 1;
		Boolean overrides = false;
		String apiVersion = "YOUR VERSION";
		try {
			// Please replace the parameter values with yours
			LogInspectionRule result = instance.resetLogInspectionRuleOnComputer(computerID, logInspectionRuleID, overrides, apiVersion);
			System.out.println(result);
		} catch (ApiException e) {
			System.err.println("An exception occurred when calling ComputerLogInspectionRuleDetailsApi.resetLogInspectionRuleOnComputer");
			e.printStackTrace();
		}
	}
}

Response samples
application/json
{
  "name": "string",
  "description": "string",
  "minimumAgentVersion": "string",
  "minimumManagerVersion": "string",
  "type": "string",
  "originalIssue": 0,
  "lastUpdated": 0,
  "identifier": "string",
  "template": "basic-rule",
  "ruleID": 0,
  "level": 0,
  "groups": [],
  "ruleDescription": "string",
  "pattern": "string",
  "patternType": "string",
  "dependency": "none",
  "dependencyRuleID": 0,
  "dependencyGroup": "string",
  "frequency": 0,
  "timeFrame": 0,
  "ruleXML": "string",
  "logFiles": {},
  "alertEnabled": true,
  "alertMinimumSeverity": 0,
  "recommendationsMode": "enabled",
  "sortOrder": 0,
  "canBeAssignedAlone": true,
  "dependsOnRuleIDs": [],
  "ID": 0
}

List log inspection rules

get/computers/{computerID}/loginspection/rules

Lists all log inspection rules assigned to a computer.

Related SDK Methods:
Java

ComputerLogInspectionRuleDetailsApi.listLogInspectionRulesOnComputer([param1, param2, ...])

Python

ComputerLogInspectionRuleDetailsApi.list_log_inspection_rules_on_computer([param1, param2, ...])

JavaScript

ComputerLogInspectionRuleDetailsApi.listLogInspectionRulesOnComputer([param1, param2, ...])

Request
path Parameters
computerID
required
integer <int32> \d+

The ID number of the computer.

Example: 1
query Parameters
overrides
boolean

Show only rules assigned to the current computer.

header Parameters
api-version
required
string

The version of the API being called.

Example: YOUR VERSION
Responses
200

successful operation

403

Not authorized to view the computer.

404

The computer does not exist.

Request samples
import com.trendmicro.deepsecurity.ApiClient;
import com.trendmicro.deepsecurity.Configuration;
import com.trendmicro.deepsecurity.auth.ApiKeyAuth;
import com.trendmicro.deepsecurity.ApiException;
import com.trendmicro.deepsecurity.api.ComputerLogInspectionRuleDetailsApi;
import com.trendmicro.deepsecurity.model.LogInspectionRules;


public class ListLogInspectionRulesOnComputerExample {
	
	public static void main(String[] args) {
		// Setup
		ApiClient defaultClient = Configuration.getDefaultApiClient();
		defaultClient.setBasePath("YOUR HOST");

		// Authentication
		ApiKeyAuth DefaultAuthentication = (ApiKeyAuth) defaultClient.getAuthentication("DefaultAuthentication");
		DefaultAuthentication.setApiKey("YOUR API KEY");
		try {
			defaultClient.trustAllCertificates(false);
		} catch (Exception e) {
			System.err.println("An exception occurred when calling ApiClient.trustAllCertificates");
			e.printStackTrace();
		}
		
		// Initialization
		// Set Any Required Values
		ComputerLogInspectionRuleDetailsApi instance = new ComputerLogInspectionRuleDetailsApi();
		Integer computerID = 1;
		Boolean overrides = false;
		String apiVersion = "YOUR VERSION";
		try {
			// Please replace the parameter values with yours
			LogInspectionRules result = instance.listLogInspectionRulesOnComputer(computerID, overrides, apiVersion);
			System.out.println(result);
		} catch (ApiException e) {
			System.err.println("An exception occurred when calling ComputerLogInspectionRuleDetailsApi.listLogInspectionRulesOnComputer");
			e.printStackTrace();
		}
	}
}

Response samples
application/json
{
  "logInspectionRules": []
}