# Trellix IPS

The Trellix IPS connector enables seamless integration between Trellix's intrusion prevention system and Swimlane Turbine, facilitating automated security workflows and enhanced threat management.

Trellix IPS is a robust security platform that specializes in intrusion prevention and detection. This connector enables seamless integration with third-party tools, allowing users to manage firewall policies, attack filters, and rule objects directly within Swimlane Turbine. By leveraging this connector, security teams can automate the enforcement of security policies, streamline threat response, and enhance overall security posture with minimal manual intervention.

## Limitations

None to date.

## Supported versions

This Trellix IPS connector uses the latest version API.

## Additional docs

https //docs trellix com/bundle/ips landing page/page/uuid 4225da7f 1ba0 1b55 b589 fc49fb8cc882 html

## Configuration prerequisites

To effectively utilize the Trellix IPS connector with Swimlane Turbine, ensure you have the following prerequisites:

- Trellix IPS authentication with the following parameters:
  - url: the endpoint URL for the Trellix IPS API
  - username: the username credential for Trellix IPS access
  - password: the password credential for Trellix IPS access

## Authentication methods

- url: the endpoint URL for the Trellix IPS API
- username: your Trellix IPS username with sufficient permissions
- password: the password associated with your Trellix IPS account

## Capabilities

This Trellix IPS connector provides the following capabilities:

- Add firewall policy
- Add rule object
- Add new attack filter
- Assign attack filter to domain and attack
- Assign attack filter to interface and attack
- Assign attack filter to sensor and attack
- Create new IPS policy
- Create a new scanning exception at sensor
- Create or update light weight policy
- Delete attack filter
- Delete firewall policy
- Delete IPS policy
- Delete light weight policy
- Delete rule object
- Delete scanning exception on a sensor
- and so on

## Configurations

### Trellix IPS authentication

Trellix IPS authentication

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | URL | string | required |
| username | Username used to authenticate with the NSM API | string | required |
| password | Password for the NSM user account | string | required |
| verify ssl | Verify SSL certificates when making requests to NSM | boolean | optional |
| http proxy | Proxy server to route requests through | string | optional |

## Actions

### Add firewall policy

Adds a new firewall policy to Trellix IPS with specified name, domain ID, visibility, editability, type, and member details.

Endpoint URL: /firewallpolicy

Method: POST

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| name | string | optional | Name of the resource |
| domainid | number | optional | Unique identifier |
| visibletochild | boolean | optional | Parameter for add firewall policy |
| description | string | optional | Parameter for add firewall policy |
| lastmodifiedtime | string | optional | Time value |
| iseditable | boolean | optional | Parameter for add firewall policy |
| policytype | string | optional | Type of the resource |
| policyversion | number | optional | Parameter for add firewall policy |
| lastmodifieduser | string | optional | Parameter for add firewall policy |
| memberdetails | object | optional | Parameter for add firewall policy |
| memberdetails memberrulelist | array | required | Parameter for add firewall policy |
| memberdetails memberrulelist description | string | required | Parameter for add firewall policy |
| memberdetails memberrulelist enabled | boolean | required | Parameter for add firewall policy |
| memberdetails memberrulelist response | string | required | Parameter for add firewall policy |
| memberdetails memberrulelist islogging | boolean | required | Parameter for add firewall policy |
| memberdetails memberrulelist direction | string | required | Parameter for add firewall policy |
| memberdetails memberrulelist sourceaddressobjectlist | array | required | Parameter for add firewall policy |
| memberdetails memberrulelist sourceaddressobjectlist ruleobjectid | string | required | Unique identifier |
| memberdetails memberrulelist sourceaddressobjectlist name | string | required | Name of the resource |
| memberdetails memberrulelist sourceaddressobjectlist ruleobjecttype | string | required | Type of the resource |
| memberdetails memberrulelist destinationaddressobjectlist | array | required | Parameter for add firewall policy |
| memberdetails memberrulelist destinationaddressobjectlist ruleobjectid | string | required | Unique identifier |
| memberdetails memberrulelist destinationaddressobjectlist name | string | required | Name of the resource |
| memberdetails memberrulelist destinationaddressobjectlist ruleobjecttype | string | required | Type of the resource |
| memberdetails memberrulelist sourceuserobjectlist | array | required | Parameter for add firewall policy |

Input example:

```json
{"json body": {"name": "testfirewallpolicy","domainid": 0,"visibletochild": true,"description": "test the firewallpolicy","lastmodifiedtime": "2012 12 12 12 30 47","iseditable": true,"policytype": "advanced","policyversion": 1,"lastmodifieduser": "admin","memberdetails": {"memberrulelist": [{"description": "test member rule","enabled": true,"response": "scan","islogging": false,"direction": "inbound","sourceaddressobjectlist": [{"ruleobjectid": "af","name": "afghanistan","ruleobjecttype": "country"}],"destinationaddressobjectlist": [{"ruleobjectid": "101","name": "hostdnsrule","ruleobjecttype": "host dns name"},{"ruleobjectid": "102","name": "hostipv4","ruleobjecttype": "host ipv 4"},{"ruleobjectid": "103","name": "ipv4addressrange","ruleobjecttype": "ipv 4 address range"},{"ruleobjectid": "104","name": "networkgroup","ruleobjecttype": "network group"}],"sourceuserobjectlist": [{"ruleobjectid": " 1","name": "any","ruleobjecttype": "user"}],"serviceobjectlist": [],"applicationobjectlist": [{"ruleobjectid": "1308991488","name": "100bao","ruleobjecttype": "application","applicationtype": "default"},{"ruleobjectid": "106","name": "applicaiononcutomport","ruleobjecttype": "application on custom port","applicationtype": "custom"},{"ruleobjectid": "105","name": "applicationgroup","ruleobjecttype": "application group","applicationtype": "custom"}],"timeobjectlist": [{"ruleobjectid": "107","name": "finitetimeperiod","ruleobjecttype": "finite timing period"},{"ruleobjectid": "108","name": "recuringtimeperiod","ruleobjecttype": "recurring time period"},{"ruleobjectid": "109","name": "recurringtimeperiodgroup","ruleobjecttype": "recurring time period group"}]}]}}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| createdresourceid | number | Unique identifier |

Output example:

```json
{"status code": 200,"response headers": {},"reason": "ok","json body": {"createdresourceid": 120}}
```

### Add new attack filter

Adds a new attack filter to Trellix IPS using type, name, domainid, and matchcriteria as configuration parameters.

Endpoint URL: /attackfilter

Method: POST

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| domainid | number | optional | ID of domain to which this attack filter belongs to |
| description | string | optional | Description of the attack filter |
| matchcriteria | object | optional | Match criteria for the attack filter |
| matchcriteria exclusion | array | required | List of IP port exclusions |
| matchcriteria exclusion ip | object | optional | IPv4 or IPv6 IP |
| matchcriteria exclusion ip destend | string | optional | Destination IP end range |
| matchcriteria exclusion ip destmode | string | required | Destination IP mode |
| matchcriteria exclusion ip srcmode | string | required | Source IP mode |
| matchcriteria exclusion ip srcstart | string | optional | Source IP start range |
| matchcriteria exclusion ip deststart | string | optional | Destination IP start range |
| matchcriteria exclusion ip srcend | string | optional | Source IP end range |
| matchcriteria exclusion port | object | optional | TCP/UDP port |
| matchcriteria exclusion port srcportmode | string | required | Source port mode |
| matchcriteria exclusion port srcport | string | optional | Source port |
| matchcriteria exclusion port destport | string | optional | Destination port |
| matchcriteria exclusion port destportmode | string | required | Destination port mode |
| type | string | optional | Attack filter type |
| name | string | optional | Name of the attack filter |

Input example:

```json
{"json body": {"domainid": 0,"description": "try ","matchcriteria": {"exclusion": [{"ip": {"destend": "1 1 1 18","destmode": "range ip","srcmode": "single ip","srcstart": "1 1 1 1","deststart": "1 1 1 13","srcend": "1 1 1 11"},"port": {"srcportmode": "tcp","srcport": "85","destport": "89","destportmode": "tcp"}}]},"type": "ipv 4 and tcp udp port","name": "test1"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| createdresourceid | number | Unique identifier |

Output example:

```json
{"status code": 200,"reason": "ok","json body": {"createdresourceid": 419}}
```

### Add rule object

Adds a new rule object to Trellix IPS with specified ID, type, name, description, domain, and visibility settings.

Endpoint URL: sdkapi/ruleobject

Method: POST

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| ruleobjid | number | optional | The ID of the rule object to add |
| ruleobjtype | string | optional | The type of the rule object to add |
| name | string | optional | The name of the rule object to add |
| description | string | optional | The description of the rule object to add |
| domain | number | optional | ID of domain in which the rule object is defined |
| visibletochild | boolean | optional | Is rule object visible to child |
| applicationgroup | object | optional | Application group object, should be defined if ruleobjtype is application group |
| applicationgroup applicationidentifier | array | required | List of applications identifier |
| applicationgroup applicationidentifier applicationruleobjid | number | required | ID of the application rule object |
| applicationgroup applicationidentifier applicationtype | string | required | Type of the application |
| applicationoncustomport | object | optional | Application defined on custom port object, should be defined if ruleobjtype is application on custom port |
| applicationoncustomport applicationid | string | required | ID of the application |
| applicationoncustomport portslist | array | required | List of ports |
| applicationoncustomport portslist ipprotocol | string | required | IP protocol, can be "tcp" or "udp" |
| applicationoncustomport portslist port | number | required | Port number |
| finitetimeperiod | object | optional | Finite time period rule object, should be defined if ruleobjtype is finite time period |
| finitetimeperiod from | string | required | Start time of the time period |
| finitetimeperiod until | string | required | End time of the time period |
| hostipv4 | object | optional | Host IPv4 rule object, should be defined if ruleobjtype is host ipv 4 |
| hostipv4 hostipv4addresslist | array | required | List of host IPv4 addresses |
| hostipv4 hostipv4addresslist ruleobjid | number | required | Rule object ID |
| hostipv4 hostipv4addresslist state | number | required | State of the rule member, should be 1 to enable and 0 to disable the rule member |
| hostipv4 hostipv4addresslist comment | string | optional | Comment for the rule member |
| hostipv4 hostipv4addresslist userid | number | required | User ID of the rule member |
| hostipv4 hostipv4addresslist value | string | required | Value of the rule member |

Input example:

```json
{"ruleobjid": 123,"ruleobjtype": "string","name": "example name","description": "string","domain": 123,"visibletochild": true,"applicationgroup": {"applicationidentifier": [{"applicationruleobjid": 123,"applicationtype": "string"}]},"applicationoncustomport": {"applicationid": "string","portslist": [{"ipprotocol": "string","port": 123}]},"finitetimeperiod": {"from": "string","until": "string"},"hostipv4": {"hostipv4addresslist": [{"ruleobjid": 123,"state": 123,"comment": "string","userid": 123,"value": "string"}]},"hostipv6": {"hostipv6addresslist": [{"ruleobjid": 123,"state": 123,"comment": "string","userid": 123,"value": "string"}]},"hostdnsname": {"hostdnsnamelist": [{"ruleobjid": 123,"state": 123,"comment": "string","userid": 123,"value": "string"}]},"ipv4addressrange": {"ipv4rangelist": [{"ruleobjid": 123,"state": 123,"comment": "string","userid": 123,"fromaddress": "string","toaddress": "string"}]},"ipv6addressrange": {"ipv6rangelist": [{"ruleobjid": 123,"state": 123,"comment": "string","userid": 123,"fromaddress": "string","toaddress": "string"}]},"networkipv4": {"networkipv4list": [{"ruleobjid": 123,"state": 123,"comment": "string","userid": 123,"value": "string"}]},"networkipv6": {"networkipv6list": [{"ruleobjid": 123,"state": 123,"comment": "string","userid": 123,"value": "string"}]},"networkgroup": {"networkgroupidentifier": [{"ruleobjid": 123,"type": "string"}]},"recurringtimeperiod": {"entireday": true,"day": ["string"],"duration": {"from": "string","until": "string"}},"recurringtimeperiodgroup": {"recurringtimeperiodsid": [123]},"service": {"protocol": "string","portnumber": "string"},"servicerange": {"protocol": "string","from": "string","to": "string"},"servicegroup": {"serviceidentifier": [{"serviceruleobjid": 123,"servicetype": "string"}]},"networkgroupaf": {"networkgroupidentifier": [{"ruleobjid": 123,"type": "string"}]}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| createdresourceid | number | Unique identifier |

Output example:

```json
{"status code": 200,"response headers": {},"reason": "ok","json body": {"createdresourceid": 235}}
```

### Assign attack filter to domain and attack

Assign specific attack filters to a domain and attack within Trellix IPS using the provided domain ID and assignattackfilterrequest.

Endpoint URL: /domain/{{domain id}}/attackfilter

Method: POST

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters domain id | number | required | ID of the domain in which the attack filter is created |
| assignattackfilterrequest | array | optional | List of attack filters |
| assignattackfilterrequest direction | string | required | Attack direction |
| assignattackfilterrequest attackid | string | required | ID of the attack |
| assignattackfilterrequest filterid | array | required | List of filter IDs to be assigned to the attack |
| assignattackfilterrequest overwrite | boolean | required | Whether to overwrite existing filters assigned to the attack |

Input example:

```json
{"json body": {"assignattackfilterrequest": [{"direction": "inbound","attackid": "0x40503900","filterid": [419,420],"overwrite": true},{"direction": "inbound","attackid": "0x48304e00","filterid": [419],"overwrite": true}]},"path parameters": {"domain id": 12345}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| status | number | Status value |

Output example:

```json
{"status code": 200,"reason": "ok","json body": {"status": 1}}
```

### Assign attack filter to interface and attack

Assigns specified attack filters to an interface or subinterface and attack in Trellix IPS, utilizing sensor ID, interface ID, and assignattackfilterrequest.

Endpoint URL: /sensor/{{sensor id}}/interface/{{interface id}}/attackfilter

Method: POST

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters sensor id | number | required | ID of the sensor to which the attack filter is to be assigned |
| path parameters interface id | number | required | Interface/subinterface ID to which the attack filter is to be assigned |
| assignattackfilterrequest | array | optional | List of attack filters |
| assignattackfilterrequest direction | string | required | Attack direction |
| assignattackfilterrequest attackid | string | required | ID of the attack |
| assignattackfilterrequest filterid | array | required | List of filter IDs to be assigned |
| assignattackfilterrequest overwrite | boolean | required | Whether to overwrite existing assignments |

Input example:

```json
{"json body": {"assignattackfilterrequest": [{"direction": "inbound","attackid": "0x40503900","filterid": [419,420],"overwrite": true},{"direction": "inbound","attackid": "0x48304e00","filterid": [419],"overwrite": true}]},"path parameters": {"sensor id": 121234,"interface id": 111223}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| status | number | Status value |

Output example:

```json
{"status code": 200,"reason": "ok","json body": {"status": 1}}
```

### Assign attack filter to sensor and attack

Assigns specified attack filters to both a sensor and an attack within Trellix IPS, utilizing the sensor ID and assignattackfilterrequest.

Endpoint URL: /sensor/{{sensor id}}/attackfilter

Method: POST

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters sensor id | number | required | ID of the sensor to which the attack filter is to be assigned |
| assignattackfilterrequest | array | optional | List of attack filters |
| assignattackfilterrequest direction | string | required | Attack direction |
| assignattackfilterrequest attackid | string | required | ID of the attack |
| assignattackfilterrequest filterid | array | required | List of filter IDs |
| assignattackfilterrequest overwrite | boolean | required | Overwrite filter |

Input example:

```json
{"json body": {"assignattackfilterrequest": [{"direction": "inbound","attackid": "0x40503900","filterid": [419,420],"overwrite": true},{"direction": "inbound","attackid": "0x48304e00","filterid": [419],"overwrite": true}]},"path parameters": {"sensor id": 12341}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| status | number | Status value |

Output example:

```json
{"status code": 200,"reason": "ok","json body": {"status": 1}}
```

### Create a new scanning exception at sensor

Creates a new scanning exception on a Trellix IPS sensor using the provided sensor ID and scanningexceptiondetailselement.

Endpoint URL: /sensor/{{sensor id}}/scanningexception

Method: POST

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters sensor id | number | required | Sensor ID |
| scanningexceptiondetailselement | object | optional | Object that contains the details of the field to be sent |
| scanningexceptiondetailselement scanningexceptiondetails | object | required | Object that contains the details of the field to be sent |
| scanningexceptiondetailselement scanningexceptiondetails forwardtype | string | optional | Can be one of these: TCP/UDP/VLAN |
| scanningexceptiondetailselement scanningexceptiondetails portinfo | object | optional | Contains the TCP/UDP port information |
| scanningexceptiondetailselement scanningexceptiondetails portinfo portrange | object | optional | Contains the port range information |
| scanningexceptiondetailselement scanningexceptiondetails portinfo portrange from | object | required | Start port value |
| scanningexceptiondetailselement scanningexceptiondetails portinfo portrange to | object | required | End port value |
| scanningexceptiondetailselement scanningexceptiondetails portinfo portnumber | object | optional | Contains the port number information |
| scanningexceptiondetailselement scanningexceptiondetails portinfo portnumber value | number | required | Specified port value |
| scanningexceptiondetailselement scanningexceptiondetails vlaninfo | object | optional | Contains the VLAN information |
| scanningexceptiondetailselement scanningexceptiondetails vlaninfo portpairname | object | required | Name of the port pair on which scanning exception of VLAN type should be created |
| scanningexceptiondetailselement scanningexceptiondetails vlaninfo vlanids | object | optional | Contains the VLAN information |
| scanningexceptiondetailselement scanningexceptiondetails vlaninfo vlanids vlanrange | object | optional | Contains the VLAN range information |
| scanningexceptiondetailselement scanningexceptiondetails vlaninfo vlanids vlanid | object | optional | Contains the VLAN ID information |

Input example:

```json
{"path parameters": {"sensor id": 123},"scanningexceptiondetailselement": {"scanningexceptiondetails": {"forwardtype": "string","portinfo": {"portrange": {},"portnumber": {}},"vlaninfo": {"portpairname": {},"vlanids": {}}}}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| status | number | Status value |

Output example:

```json
{"status code": 200,"reason": "ok","json body": {"status": 1}}
```

### Create new IPS policy

Creates a new global intrusion prevention system policy in Trellix IPS with specified name, description, visibility, rule sets, and DoS sensitivity.

Endpoint URL: /sdkapi/domain/{{domain id}}/ipspolicies/createips

Method: POST

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters domain id | number | required | The unique identifier of the domain for which the IPS policy is being created |
| policyname | string | optional | The name of the IPS policy to be created |
| description | string | optional | A brief description of the IPS policy |
| isvisibletochildren | boolean | optional | Indicates if the policy is visible to child domains |
| inboundruleset | string | optional | The rule set to apply for inbound traffic |
| outboundruleset | string | optional | The rule set to apply for outbound traffic |
| dosresponsesensitivitylevel | number | optional | Sensitivity level for DoS response (e.g., 1 for low, 2 for medium, etc.) |
| direction | number | optional | The direction of the policy (e.g., 1 for inbound, 2 for outbound) |

Input example:

```json
{"json body": {"policyname": "ips policytest1","description": "test","isvisibletochildren": true,"inboundruleset": "default prevention","outboundruleset": "dmz","dosresponsesensitivitylevel": 1,"direction": 1},"path parameters": {"domain id": 0}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| createdresourceid | number | Unique identifier |

Output example:

```json
{"status code": 200,"reason": "ok","json body": {"createdresourceid": 105}}
```

### Create or update light weight policy

Create or update a lightweight policy on Trellix IPS using sensor ID, interface ID, and policydescriptor.

Endpoint URL: /sensor/{{sensor id}}/interface/{{interface id}}/localipspolicy

Method: POST

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters sensor id | number | required | The unique identifier of the sensor for which the policy is being created or updated |
| path parameters interface id | number | required | The unique identifier of the interface for which the policy is being created or updated |
| policydescriptor | object | optional | The policy descriptor containing the configuration details for the light weight policy |
| policydescriptor policyname | string | required | The name of the policy |
| policydescriptor description | string | required | A brief description of the policy |
| policydescriptor isvisibletochildren | boolean | required | Indicates whether this policy is visible to child entities in the hierarchy |
| policydescriptor inboundruleset | string | required | The name of the inbound rule set associated with this policy |
| policydescriptor outboundruleset | string | required | The name of the outbound rule set associated with this policy |
| policydescriptor attackcategory | object | required | The category of attacks that this policy is configured to handle |
| policydescriptor attackcategory expolitattacklist | array | required | List of exploits and attacks for the policy |
| policydescriptor attackcategory expolitattacklist attackname | string | required | The name of the attack |
| policydescriptor attackcategory expolitattacklist nspid | string | required | The unique identifier for the attack |
| policydescriptor attackcategory expolitattacklist severity | number | required | The severity level of the attack |
| policydescriptor attackcategory expolitattacklist isseveritycustomized | boolean | required | Indicates whether the severity level has been customized for this attack |
| policydescriptor attackcategory expolitattacklist isenabled | boolean | required | Indicates whether this attack is enabled in the policy |
| policydescriptor attackcategory expolitattacklist isalertcustomized | boolean | required | Indicates whether the alert settings for this attack have been customized |
| policydescriptor attackcategory expolitattacklist isrecommendedforsmartblocking | boolean | required | Indicates whether this attack is recommended for smart blocking |
| policydescriptor attackcategory expolitattacklist attackresponse | object | required | The response actions to be taken for this attack |
| policydescriptor attackcategory expolitattacklist attackresponse tcpreset | string | required | The TCP reset action to be taken for this attack |
| policydescriptor attackcategory expolitattacklist attackresponse istcpresetcustomized | boolean | required | Indicates whether the TCP reset action has been customized for this attack |
| policydescriptor attackcategory expolitattacklist attackresponse isicmpsend | boolean | required | Indicates whether an ICMP send action is configured for this attack |
| policydescriptor attackcategory expolitattacklist attackresponse isicmpsendcustomized | boolean | required | Indicates whether the ICMP send action has been customized for this attack |
| policydescriptor attackcategory expolitattacklist attackresponse mcafeenacnotification | string | required | The McAfee NAC notification setting for this attack |
| policydescriptor attackcategory expolitattacklist attackresponse ismcafeenacnotificationenabled | boolean | required | Indicates whether the McAfee NAC notification is enabled for this attack |
| policydescriptor attackcategory expolitattacklist attackresponse isquarantinecustomized | boolean | required | Indicates whether the quarantine settings for this attack have been customized |

Input example:

```json
{"path parameters": {"sensor id": 123,"interface id": 123},"policydescriptor": {"policyname": "example name","description": "string","isvisibletochildren": true,"inboundruleset": "string","outboundruleset": "string","attackcategory": {"expolitattacklist": [{"attackname": "example name","nspid": "string","severity": 123,"isseveritycustomized": true,"isenabled": true,"isalertcustomized": true,"isrecommendedforsmartblocking": true,"attackresponse": {},"notification": {},"protocollist": ["string"],"benigntriggerprobability": "string","blockingtype": "string","subcategory": "string","direction": "string","isattackcustomized": true}]},"outboundattackcategory": {},"dospolicy": {"learningattack": [{"attackname": "example name","nspid": "string","isseveritycustomized": true,"severity": 123,"isblockingsettingcustomized": true,"isdroppacket": true,"isalertcustomized": true,"issendalerttomanager": true,"direction": "string","notification": {},"isattackcustomized": true}],"thresholdattack": [{"attackname": "example name","nspid": "string","isseveritycustomized": true,"severity": 123,"isthresholdvaluecustomized": true,"isthresholddurationcustomized": true,"thresholdvalue": 123,"thresholdduration": 123,"isalertcustomized": true,"issendalerttomanager": true,"notification": {},"direction": "string","isattackcustomized": true}],"timestamp": "2024 01 01t00 00 00z"},"reconpolicy": {"timestamp": {},"reconattacklist": [{"isalertcustomized": true,"isseveritycustomized": true,"direction": {},"severity": 123,"isthresholddurationcustomized": true,"issendalerttomanager": true,"isquarantinecustomized": true,"attackname": "example name","thresholdduration": 123,"alertsuppressiontimer": 123,"isalertsuppressiontimercustomized": true,"isattackcustomized": true,"ismcafeenacnotificationenabled": true,"isthresholdvaluecustomized": true,"nspid": "string","mcafeenacnotification": "string","isremediateenabled": true,"timestamp": {},"thresholdvalue": 123,"notification": {}}]},"dosresponsesensitivitylevel": 123,"iseditable": true,"timestamp": "2024 01 01t00 00 00z","versionnum": 123,"islightweightpolicy": true}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| createdresourceid | number | Unique identifier |

Output example:

```json
{"status code": 200,"reason": "ok","json body": {"createdresourceid": 105}}
```

### Delete attack filter

Deletes a specified attack filter from Trellix IPS using the provided unique attackfilter ID.

Endpoint URL: /attackfilter/{{attackfilter id}}

Method: DELETE

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters attackfilter id | number | required | ID of the attack filter to be deleted |

Input example:

```json
{"path parameters": {"attackfilter id": 12345}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| status | number | Status value |

Output example:

```json
{"status code": 200,"reason": "ok","json body": {"status": 1}}
```

### Delete firewall policy

Removes a specified firewall policy from Trellix IPS using the provided unique policy ID.

Endpoint URL: /firewallpolicy/{{policy id}}

Method: DELETE

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters policy id | number | required | The unique identifier of the firewall policy to be deleted |

Input example:

```json
{"path parameters": {"policy id": 120}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| status | number | Status value |

Output example:

```json
{"status code": 200,"reason": "ok","json body": {"status": 1}}
```

### Delete IPS policy

Removes a specified intrusion prevention system policy from Trellix IPS using the provided policy ID.

Endpoint URL: /ipspolicy/{{policyid}}

Method: DELETE

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters policyid | number | required | The unique identifier of the IPS policy to be deleted |

Input example:

```json
{"path parameters": {"policyid": 123}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| createdresourceid | number | Unique identifier |

Output example:

```json
{"status code": 200,"response headers": {},"reason": "ok","json body": {"createdresourceid": 120}}
```

### Delete light weight policy

Removes a local intrusion prevention system policy from a specified sensor interface in Trellix IPS using sensor and interface IDs.

Endpoint URL: /sensor/{{sensor id}}/interface/{{interface id}}/localipspolicy

Method: DELETE

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters sensor id | number | required | The unique identifier of the sensor for which the policy is being created or updated |
| path parameters interface id | number | required | The unique identifier of the interface for which the policy is being created or updated |

Input example:

```json
{"path parameters": {"sensor id": 1001,"interface id": 501}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| status | number | Status value |

Output example:

```json
{"status code": 200,"reason": "ok","json body": {"status": 1}}
```

### Delete rule object

Removes a specified rule object from Trellix IPS; fails if the object is currently in use.

Endpoint URL: sdkapi/ruleobject/{{ruleobject id}}

Method: DELETE

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters ruleobject id | number | required | The ID of the rule object to delete |

Input example:

```json
{"path parameters": {"ruleobject id": 21}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```json
{"status code": 200,"response headers": {},"reason": "ok","json body": {}}
```

### Delete scanning exception on a sensor

Removes a specified scanning exception from a Trellix IPS sensor using the sensor ID and scanningexceptiondeleteelement.

Endpoint URL: /sensor/{{sensor id}}/scanningexception

Method: DELETE

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters sensor id | number | required | Sensor ID |
| scanningexceptiondeleteelement | string | optional | Object that contains the details of the field to be sent |

Input example:

```json
{"path parameters": {"sensor id": 123},"scanningexceptiondeleteelement": "string"}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| status | number | Status value |

Output example:

```json
{"status code": 200,"reason": "ok","json body": {"status": 1}}
```

### Download invalid rule members CSV file

Downloads a CSV file with invalid rule members from Trellix IPS using the specified rule object ID.

Endpoint URL: /sdkapi/ruleobject/downloadinvalidromembers

Method: GET

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters ruleobjectid | number | required | The ID of the rule object to download the invalid rule members from |

Input example:

```json
{"parameters": {"ruleobject id": 121}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| file | object | Attachments |
| file file | string | Output field file file |
| file file name | string | Name of the resource |

Output example:

```json
{"status code": 200,"response headers": {},"reason": "ok","json body": {},"file": {"file name": "invalid rule members csv","file": "data:application/vnd ms excel;base64, "}}
```

### Enable or disable scanning exception on a sensor

Enable or disable a scanning exception for a Trellix IPS sensor by specifying the sensor ID and status element.

Endpoint URL: /sensor/{{sensor id}}/scanningexception/status

Method: PUT

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters sensor id | number | required | Sensor ID |
| scanningexceptionstatuselement | object | optional | Object that contains the details of the field to be sent |
| scanningexceptionstatuselement enabled | boolean | required | Indicates if scanning exception is enabled on the sensor |

Input example:

```json
{"path parameters": {"sensor id": 123},"scanningexceptionstatuselement": {"enabled": true}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| status | number | Status value |

Output example:

```json
{"status code": 200,"reason": "ok","json body": {"status": 1}}
```

### Export rule members to a CSV file

Downloads a CSV file with rule members from Trellix IPS using the specified ruleobjectid.

Endpoint URL: sdkapi/ruleobject/exportromembers

Method: GET

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters ruleobjectid | number | required | The ID of the rule object to export the rule members from |

Input example:

```json
{"parameters": {"ruleobjectid": 0}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| file | object | Attachments |
| file file | string | Output field file file |
| file file name | string | Name of the resource |

Output example:

```json
{"status code": 200,"response headers": {},"reason": "ok","json body": {},"file": {"file name": "invalid rule members csv","file": "data:application/vnd ms excel;base64, "}}
```

### Get an attack filter

Retrieve detailed information for a specified attack filter in Trellix IPS using the unique attackfilter ID.

Endpoint URL: /attackfilter/{{attackfilter id}}

Method: GET

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters attackfilter id | number | required | ID of the attack filter to be retrieved |

Input example:

```json
{"path parameters": {"attackfilter id": 12345}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| domainid | number | Unique identifier |
| matchcriteria | object | Output field matchcriteria |
| matchcriteria exclusion | array | Output field matchcriteria exclusion |
| matchcriteria exclusion ip | object | Output field matchcriteria exclusion ip |
| matchcriteria exclusion port | object | Output field matchcriteria exclusion port |
| matchcriteria exclusion port srcportmode | string | Output field matchcriteria exclusion port srcportmode |
| matchcriteria exclusion port srcport | string | Output field matchcriteria exclusion port srcport |
| matchcriteria exclusion port destport | string | Output field matchcriteria exclusion port destport |
| matchcriteria exclusion port destportmode | string | Output field matchcriteria exclusion port destportmode |
| lastmodts | string | Output field lastmodts |
| attackfilterid | number | Unique identifier |
| type | string | Type of the resource |
| name | string | Name of the resource |

Output example:

```json
{"status code": 200,"reason": "ok","json body": {"domainid": 0,"matchcriteria": {"exclusion": []},"lastmodts": "2012 07 24 00 19 00","attackfilterid": 420,"type": "tcp udp port","name": "test2"}}
```

### Get attack filters assigned to domain and attack

Retrieves all attack filters assigned to a specific domain and attack in Trellix IPS, requiring domain ID and attack ID as parameters.

Endpoint URL: /domain/{{domain id}}/attackfilter/{{attack id}}

Method: GET

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters domain id | number | required | ID of domain in which the attack filter is created |
| path parameters attack id | string | required | Attack ID to which attack filters are assigned |

Input example:

```json
{"path parameters": {"domain id": 12345,"attack id": "123ekpp"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| attackfilterdescriptor | array | Output field attackfilterdescriptor |
| attackfilterdescriptor visibletochild | boolean | Output field attackfilterdescriptor visibletochild |
| attackfilterdescriptor name | string | Name of the resource |
| attackfilterdescriptor iseditable | boolean | Output field attackfilterdescriptor iseditable |
| attackfilterdescriptor filterid | number | Unique identifier |
| attackfilterdescriptor domainid | number | Unique identifier |
| attackfilterdescriptor lastmodts | string | Output field attackfilterdescriptor lastmodts |

Output example:

```json
{"status code": 200,"reason": "ok","json body": {"attackfilterdescriptor": [{},{}]}}
```

### Get attack filters assigned to interface

Retrieves all attack filters assigned to a specified interface or subinterface within Trellix IPS for a given attack, requiring sensor ID, interface ID, and attack ID.

Endpoint URL: /sensor/{{sensor id}}/interface/{{interface id}}/attackfilter/{{attack id}}

Method: GET

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters sensor id | number | required | ID of the sensor to which the attack filter is assigned |
| path parameters interface id | number | required | Interface/subinterface ID to which the attack filter is assigned |
| path parameters attack id | string | required | Attack ID to which attack filters are assigned |

Input example:

```json
{"path parameters": {"sensor id": 12123,"interface id": 14321,"attack id": "13edfp"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| attackfilterdescriptor | array | Output field attackfilterdescriptor |
| attackfilterdescriptor visibletochild | boolean | Output field attackfilterdescriptor visibletochild |
| attackfilterdescriptor name | string | Name of the resource |
| attackfilterdescriptor iseditable | boolean | Output field attackfilterdescriptor iseditable |
| attackfilterdescriptor filterid | number | Unique identifier |
| attackfilterdescriptor domainid | number | Unique identifier |
| attackfilterdescriptor lastmodts | string | Output field attackfilterdescriptor lastmodts |

Output example:

```json
{"status code": 200,"reason": "ok","json body": {"attackfilterdescriptor": [{},{}]}}
```

### Get attack filters assigned to sensor and attack

Retrieves all attack filters assigned to a specific sensor and attack in Trellix IPS, using sensor ID and attack ID.

Endpoint URL: /sensor/{{sensor
id}}/attackfilter/{{attack id}} method get input argument name type required description path parameters sensor id number required id of the sensor to which the attack filter is assigned path parameters attack id string required attack id to which attack filters are assigned input example {"path parameters" {"sensor id" 1234,"attack id" "12wepq"}} output parameter type description status code number http status code of the response reason string response reason phrase attackfilterdescriptor array output field attackfilterdescriptor attackfilterdescriptor visibletochild boolean output field attackfilterdescriptor visibletochild attackfilterdescriptor name string name of the resource attackfilterdescriptor iseditable boolean output field attackfilterdescriptor iseditable attackfilterdescriptor filterid number unique identifier attackfilterdescriptor domainid number unique identifier attackfilterdescriptor lastmodts string output field attackfilterdescriptor lastmodts output example {"status code" 200,"reason" "ok","json body" {"attackfilterdescriptor" \[{},{}]}} get attack filters assignments retrieve assignments for a specific attack filter by id in trellix ips, encompassing all attacks and resources endpoint url /attackfilter/{{attackfilter id}}/assignments method get input argument name type required description path parameters attackfilter id number required id of the attack filter whose assignments are to be retrieved input example {"path parameters" {"attackfilter id" 12351}} output parameter type description status code number http status code of the response reason string response reason phrase assignmentdetails array output field assignmentdetails assignmentdetails resourcename string name of the resource assignmentdetails attackid string unique identifier output example {"status code" 200,"reason" "ok","json body" {"assignmentdetails" \[{},{}]}} get attack filters defined in a domain retrieves all attack filters within a specified domain in trellix ips, 
using the provided domain id endpoint url /attackfilters?domain={{domain id}} method get input argument name type required description path parameters domain id number required id of the domain in which the attack filter has been created input example {"path parameters" {"domain id" 12345}} output parameter type description status code number http status code of the response reason string response reason phrase attackfilterdescriptor array output field attackfilterdescriptor attackfilterdescriptor visibletochild boolean output field attackfilterdescriptor visibletochild attackfilterdescriptor name string name of the resource attackfilterdescriptor iseditable boolean output field attackfilterdescriptor iseditable attackfilterdescriptor filterid number unique identifier attackfilterdescriptor domainid number unique identifier attackfilterdescriptor lastmodts string output field attackfilterdescriptor lastmodts output example {"status code" 200,"reason" "ok","json body" {"attackfilterdescriptor" \[{},{}]}} get firewall policies in domain retrieve all firewall policies within a specified domain in trellix ips using the provided domain id endpoint url /domain/{{domain id}}/firewallpolicy method get input argument name type required description path parameters domain id number required the unique identifier of the domain for which firewall policies are being retrieved input example {"path parameters" {"domain id" 120}} output parameter type description status code number http status code of the response reason string response reason phrase firewallpoliciesfordomainresponselist array output field firewallpoliciesfordomainresponselist firewallpoliciesfordomainresponselist policyid number unique identifier firewallpoliciesfordomainresponselist policyname string name of the resource firewallpoliciesfordomainresponselist domainid number unique identifier firewallpoliciesfordomainresponselist visibletochild boolean output field firewallpoliciesfordomainresponselist 
visibletochild firewallpoliciesfordomainresponselist description string output field firewallpoliciesfordomainresponselist description firewallpoliciesfordomainresponselist iseditable boolean output field firewallpoliciesfordomainresponselist iseditable firewallpoliciesfordomainresponselist policytype string type of the resource firewallpoliciesfordomainresponselist policyversion number output field firewallpoliciesfordomainresponselist policyversion firewallpoliciesfordomainresponselist lastmoduser string output field firewallpoliciesfordomainresponselist lastmoduser output example {"status code" 200,"reason" "ok","json body" {"firewallpoliciesfordomainresponselist" \[{"policyid" 107,"policyname" "port firewallpolicy","domainid" 0,"visibletochild"\ false,"description" "firewall policy for port","iseditable"\ true,"policytype" "classic","policyversion" 1,"lastmoduser" "admin"},{"policyid" 105,"policyname" "interface firewallpolicy","domainid" 0,"visibletochild"\ true,"description" "firewall policy for interface","iseditable"\ true,"policytype" "advanced","policyversion" 1,"lastm get firewall policy retrieve details of a specific firewall policy in trellix ips using the provided policy id endpoint url /firewallpolicy/{{policy id}} method get input argument name type required description path parameters policy id number required the unique identifier of the firewall policy to be deleted input example {"path parameters" {"policy id" 120}} output parameter type description status code number http status code of the response reason string response reason phrase firewallpolicyid number unique identifier name string name of the resource domainid number unique identifier visibletochild boolean output field visibletochild description string output field description lastmodifiedtime string time value iseditable boolean output field iseditable policytype string type of the resource policyversion number output field policyversion lastmodifieduser string output field 
lastmodifieduser memberdetails object output field memberdetails memberdetails memberrulelist array output field memberdetails memberrulelist memberdetails memberrulelist description string output field memberdetails memberrulelist description memberdetails memberrulelist enabled boolean output field memberdetails memberrulelist enabled memberdetails memberrulelist response string output field memberdetails memberrulelist response memberdetails memberrulelist islogging boolean output field memberdetails memberrulelist islogging memberdetails memberrulelist direction string output field memberdetails memberrulelist direction memberdetails memberrulelist sourceaddressobjectlist array output field memberdetails memberrulelist sourceaddressobjectlist memberdetails memberrulelist sourceaddressobjectlist ruleobjectid string unique identifier memberdetails memberrulelist sourceaddressobjectlist name string name of the resource memberdetails memberrulelist sourceaddressobjectlist ruleobjecttype string type of the resource memberdetails memberrulelist destinationaddressobjectlist array output field memberdetails memberrulelist destinationaddressobjectlist memberdetails memberrulelist destinationaddressobjectlist ruleobjectid string unique identifier output example {"status code" 200,"reason" "ok","json body" {"firewallpolicyid" 120,"name" "testfirewallpolicy","domainid" 0,"visibletochild"\ true,"description" "test the firewallpolicy","lastmodifiedtime" "2012 12 12 12 43 54","iseditable"\ true,"policytype" "advanced","policyversion" 1,"lastmodifieduser" "admin","memberdetails" {"memberrulelist" \[]}}} get ips policies in a domain retrieves all intrusion prevention system policies within a specified domain in trellix ips using the provided domain id endpoint url /domain/{{domain id}}/ipspolicies method get input argument name type required description path parameters domain id number required the unique identifier of the domain for which ips policies are being retrieved input 
example {"path parameters" {"domain id" 0}} output parameter type description status code number http status code of the response reason string response reason phrase policydescriptordetailslist array output field policydescriptordetailslist policydescriptordetailslist name string name of the resource policydescriptordetailslist domainid string unique identifier policydescriptordetailslist policyid string unique identifier policydescriptordetailslist iseditable string output field policydescriptordetailslist iseditable policydescriptordetailslist visibletochild string output field policydescriptordetailslist visibletochild output example {"status code" 200,"response headers" {},"reason" "ok","json body" {"policydescriptordetailslist" \[{"name" "default ips attack settings","domainid" "0","policyid" " 1","iseditable" "true","visibletochild" "true"},{"name" "default ids","domainid" "0","policyid" "0","iseditable" "true","visibletochild" "true"},{"name" "all inclusive without audit","domainid" "0","policyid" "16","iseditable" "true","visibletochild" "true"}]}} get ips policy details retrieve detailed information for a specific trellix ips policy, including attack sets and response actions, using the policy id endpoint url /ipspolicy/{{policy id}} method get input argument name type required description path parameters policy id number required the unique identifier of the ips policy for which details are being retrieved input example {"path parameters" {"policy id" 0}} output parameter type description status code number http status code of the response reason string response reason phrase policydescriptor object output field policydescriptor policydescriptor policyname string name of the resource policydescriptor description string output field policydescriptor description policydescriptor isvisibletochildren boolean output field policydescriptor isvisibletochildren policydescriptor inboundruleset string output field policydescriptor inboundruleset policydescriptor 
outboundruleset string output field policydescriptor outboundruleset policydescriptor attackcategory object output field policydescriptor attackcategory policydescriptor attackcategory expolitattacklist array output field policydescriptor attackcategory expolitattacklist policydescriptor attackcategory expolitattacklist attackname string name of the resource policydescriptor attackcategory expolitattacklist nspid string unique identifier policydescriptor attackcategory expolitattacklist severity number output field policydescriptor attackcategory expolitattacklist severity policydescriptor attackcategory expolitattacklist isseveritycustomized boolean output field policydescriptor attackcategory expolitattacklist isseveritycustomized policydescriptor attackcategory expolitattacklist isenabled boolean output field policydescriptor attackcategory expolitattacklist isenabled policydescriptor attackcategory expolitattacklist isalertcustomized boolean output field policydescriptor attackcategory expolitattacklist isalertcustomized policydescriptor attackcategory expolitattacklist isrecommendedforsmartblocking boolean output field policydescriptor attackcategory expolitattacklist isrecommendedforsmartblocking policydescriptor attackcategory expolitattacklist attackresponse object output field policydescriptor attackcategory expolitattacklist attackresponse policydescriptor attackcategory expolitattacklist attackresponse tcpreset string output field policydescriptor attackcategory expolitattacklist attackresponse tcpreset policydescriptor attackcategory expolitattacklist attackresponse istcpresetcustomized boolean output field policydescriptor attackcategory expolitattacklist attackresponse istcpresetcustomized policydescriptor attackcategory expolitattacklist attackresponse isicmpsend boolean output field policydescriptor attackcategory expolitattacklist attackresponse isicmpsend policydescriptor attackcategory expolitattacklist attackresponse isicmpsendcustomized boolean 
output field policydescriptor attackcategory expolitattacklist attackresponse isicmpsendcustomized policydescriptor attackcategory expolitattacklist attackresponse mcafeenacnotification string output field policydescriptor attackcategory expolitattacklist attackresponse mcafeenacnotification policydescriptor attackcategory expolitattacklist attackresponse ismcafeenacnotificationenabled boolean output field policydescriptor attackcategory expolitattacklist attackresponse ismcafeenacnotificationenabled policydescriptor attackcategory expolitattacklist attackresponse isquarantinecustomized boolean output field policydescriptor attackcategory expolitattacklist attackresponse isquarantinecustomized output example {"status code" 200,"response headers" {},"reason" "ok","json body" {"policydescriptor" {"policyname" "ipspolicy","description" "to test the ips policy","isvisibletochildren"\ true,"inboundruleset" "testips","outboundruleset" "null","attackcategory" {},"outboundattackcategory" {},"dospolicy" {},"dosresponsesensitivitylevel" 0,"iseditable"\ false,"timestamp" "2012 06 20 18 44 55 000","versionnum" 1,"islightweightpolicy"\ false}}} get light weight policy details retrieve lightweight policy details for a specified sensor and interface in trellix ips, using sensor id and interface id endpoint url /sensor/{{sensor id}}/interface/{{interface id}}/localipspolicy method get input argument name type required description path parameters sensor id number required the unique identifier of the sensor for which the policy is being created or updated path parameters interface id number required the unique identifier of the interface for which the policy is being created or updated input example {"path parameters" {"sensor id" 1001,"interface id" 501,"subinterface id" 105}} output parameter type description status code number http status code of the response reason string response reason phrase policydescriptor object output field policydescriptor policydescriptor policyname 
string name of the resource policydescriptor description string output field policydescriptor description policydescriptor isvisibletochildren boolean output field policydescriptor isvisibletochildren policydescriptor inboundruleset string output field policydescriptor inboundruleset policydescriptor outboundruleset string output field policydescriptor outboundruleset policydescriptor attackcategory object output field policydescriptor attackcategory policydescriptor attackcategory expolitattacklist array output field policydescriptor attackcategory expolitattacklist policydescriptor attackcategory expolitattacklist attackname string name of the resource policydescriptor attackcategory expolitattacklist nspid string unique identifier policydescriptor attackcategory expolitattacklist severity number output field policydescriptor attackcategory expolitattacklist severity policydescriptor attackcategory expolitattacklist isseveritycustomized boolean output field policydescriptor attackcategory expolitattacklist isseveritycustomized policydescriptor attackcategory expolitattacklist isenabled boolean output field policydescriptor attackcategory expolitattacklist isenabled policydescriptor attackcategory expolitattacklist isalertcustomized boolean output field policydescriptor attackcategory expolitattacklist isalertcustomized policydescriptor attackcategory expolitattacklist isrecommendedforsmartblocking boolean output field policydescriptor attackcategory expolitattacklist isrecommendedforsmartblocking policydescriptor attackcategory expolitattacklist attackresponse object output field policydescriptor attackcategory expolitattacklist attackresponse policydescriptor attackcategory expolitattacklist attackresponse tcpreset string output field policydescriptor attackcategory expolitattacklist attackresponse tcpreset policydescriptor attackcategory expolitattacklist attackresponse istcpresetcustomized boolean output field policydescriptor attackcategory expolitattacklist 
attackresponse istcpresetcustomized policydescriptor attackcategory expolitattacklist attackresponse isicmpsend boolean output field policydescriptor attackcategory expolitattacklist attackresponse isicmpsend policydescriptor attackcategory expolitattacklist attackresponse isicmpsendcustomized boolean output field policydescriptor attackcategory expolitattacklist attackresponse isicmpsendcustomized policydescriptor attackcategory expolitattacklist attackresponse mcafeenacnotification string output field policydescriptor attackcategory expolitattacklist attackresponse mcafeenacnotification policydescriptor attackcategory expolitattacklist attackresponse ismcafeenacnotificationenabled boolean output field policydescriptor attackcategory expolitattacklist attackresponse ismcafeenacnotificationenabled policydescriptor attackcategory expolitattacklist attackresponse isquarantinecustomized boolean output field policydescriptor attackcategory expolitattacklist attackresponse isquarantinecustomized output example {"status code" 200,"reason" "ok","json body" {"policydescriptor" {"policyname" "local policy /my company/ips ns9200/g3/1 g3/2/interface 1","description" "to test the policies","isvisibletochildren"\ true,"inboundruleset" "testruleset","outboundruleset" "null","attackcategory" {},"outboundattackcategory" {},"dospolicy" {},"reconpolicy" {},"dosresponsesensitivitylevel" 0,"iseditable"\ false,"timestamp" "2012 08 31 15 20 55 000","versionnum" 1,"islightweightpolicy"\ true}}} get quarantined host details retrieve details of hosts quarantined by trellix ips using the specified sensor id endpoint url /sensor/{{sensor id}}/action/quarantinehost/details method get input argument name type required description path parameters sensor id number required sensor id input example {"path parameters" {"sensor id" 123}} output parameter type description status code number http status code of the response reason string response reason phrase quarantinehostdetail array output field 
quarantinehostdetail quarantinehostdetail ipaddress string output field quarantinehostdetail ipaddress quarantinehostdetail quarantinedetails object output field quarantinehostdetail quarantinedetails quarantinehostdetail quarantinedetails device string output field quarantinehostdetail quarantinedetails device quarantinehostdetail quarantinedetails quarantinezone string output field quarantinehostdetail quarantinedetails quarantinezone quarantinehostdetail addedtoquarantine object output field quarantinehostdetail addedtoquarantine quarantinehostdetail addedtoquarantine by string output field quarantinehostdetail addedtoquarantine by quarantinehostdetail addedtoquarantine time string time value quarantinehostdetail remediate boolean output field quarantinehostdetail remediate quarantinehostdetail pendingrelease string output field quarantinehostdetail pendingrelease output example {"status code" 200,"reason" "ok","json body" {"quarantinehostdetail" \[{}]}} get quarantined hosts retrieve a list of hosts quarantined by a specific sensor in trellix ips using the sensor's id endpoint url /sensor/{{sensor id}}/action/quarantinehost method get input argument name type required description path parameters sensor id number required sensor id input example {"path parameters" {"sensor id" 123}} output parameter type description status code number http status code of the response reason string response reason phrase quarantinehostdescriptor array output field quarantinehostdescriptor quarantinehostdescriptor ipaddress string output field quarantinehostdescriptor ipaddress quarantinehostdescriptor duration number output field quarantinehostdescriptor duration output example {"status code" 200,"reason" "ok","json body" {"quarantinehostdescriptor" \[{},{}]}} get rule object retrieves detailed information for a specified rule object in trellix ips using the ruleobject id endpoint url sdkapi/ruleobject/{{ruleobject id}} method get input argument name type required description 
path parameters ruleobject id number required the id of the rule object to get input example {"path parameters" {"ruleobject id" 121}} output parameter type description status code number http status code of the response reason string response reason phrase ruleobjdef object output field ruleobjdef ruleobjdef ruleobjid string unique identifier ruleobjdef ruleobjtype string type of the resource ruleobjdef name string name of the resource ruleobjdef description string output field ruleobjdef description ruleobjdef domain number output field ruleobjdef domain ruleobjdef visibletochild boolean output field ruleobjdef visibletochild ruleobjdef hostcriticality string output field ruleobjdef hostcriticality ruleobjdef applicationgroup object output field ruleobjdef applicationgroup ruleobjdef applicationoncustomport object output field ruleobjdef applicationoncustomport ruleobjdef finitetimeperiod object output field ruleobjdef finitetimeperiod ruleobjdef hostipv4 object output field ruleobjdef hostipv4 ruleobjdef hostipv4 hostipv4addresslist array output field ruleobjdef hostipv4 hostipv4addresslist ruleobjdef hostipv4 hostipv4addresslist ruleobjectid number unique identifier ruleobjdef hostipv4 hostipv4addresslist value string value for the parameter ruleobjdef hostipv4 hostipv4addresslist state number output field ruleobjdef hostipv4 hostipv4addresslist state ruleobjdef hostipv4 hostipv4addresslist comment string output field ruleobjdef hostipv4 hostipv4addresslist comment ruleobjdef hostipv4 hostipv4addresslist userid number unique identifier ruleobjdef hostipv4 hostipv4addresslist changedstate number output field ruleobjdef hostipv4 hostipv4addresslist changedstate ruleobjdef hostipv6 object output field ruleobjdef hostipv6 ruleobjdef hostdnsname object name of the resource ruleobjdef ipv4addressrange object output field ruleobjdef ipv4addressrange ruleobjdef ipv6addressrange object output field ruleobjdef ipv6addressrange output example {"status code" 200,"response 
headers" {},"reason" "ok","json body" {"ruleobjdef" {"ruleobjid" "234","ruleobjtype" "host ipv 4","name" "test sdk3","description" "try","domain" 0,"visibletochild"\ true,"hostcriticality" "high","applicationgroup"\ null,"applicationoncustomport"\ null,"finitetimeperiod"\ null,"hostipv4" {},"hostipv6"\ null,"hostdnsname"\ null,"ipv4addressrange"\ null,"ipv6addressrange"\ null}}} get rule object associations retrieve associations of a specific rule object across all modules in trellix ips using the ruleobject id endpoint url sdkapi/ruleobject/{{ruleobject id}}/assignments method get input argument name type required description path parameters ruleobject id number required the id of the rule object to get the associations for input example {"path parameters" {"ruleobject id" 121}} output parameter type description status code number http status code of the response reason string response reason phrase ruleobjectassociationresponselist array output field ruleobjectassociationresponselist ruleobjectassociationresponselist usagepath string output field ruleobjectassociationresponselist usagepath output example {"status code" 200,"response headers" {},"reason" "ok","json body" {"ruleobjectassociationresponselist" \[{},{}]}} get rule objects in a domain retrieves a list of rule objects within a specified domain in trellix ips, requiring the domain id and object type endpoint url sdkapi/domain/{{domain id}}/ruleobject method get input argument name type required description parameters type string required rule object type, can be application, applicationgroup, applicationoncustomport, country, finitetimeperiod, hostdnsname, hostipv4, hostipv6, ipv4addressrange, ipv6addressrange, network ipv4, networkipv6, networkgroup, recurringtimeperiod, recurringtimeperiodgroup, service, servicerange, servicegroup path parameters domain id number required parameters for the get rule objects in a domain action input example {"parameters" {"type" "application,applicationgroup"},"path 
parameters" {"domain id" 1}} output parameter type description status code number http status code of the response reason string response reason phrase ruleobjdef array output field ruleobjdef ruleobjdef ruleobjid string unique identifier ruleobjdef ruleobjtype string type of the resource ruleobjdef name string name of the resource ruleobjdef description string output field ruleobjdef description ruleobjdef domain number output field ruleobjdef domain ruleobjdef visibletochild boolean output field ruleobjdef visibletochild ruleobjdef hostcriticality string output field ruleobjdef hostcriticality ruleobjdef applicationgroup object output field ruleobjdef applicationgroup ruleobjdef applicationoncustomport object output field ruleobjdef applicationoncustomport ruleobjdef finitetimeperiod object output field ruleobjdef finitetimeperiod ruleobjdef hostipv4 object output field ruleobjdef hostipv4 ruleobjdef hostipv4 hostipv4addresslist array output field ruleobjdef hostipv4 hostipv4addresslist ruleobjdef hostipv4 hostipv4addresslist ruleobjectid number unique identifier ruleobjdef hostipv4 hostipv4addresslist value string value for the parameter ruleobjdef hostipv4 hostipv4addresslist state number output field ruleobjdef hostipv4 hostipv4addresslist state ruleobjdef hostipv4 hostipv4addresslist comment string output field ruleobjdef hostipv4 hostipv4addresslist comment ruleobjdef hostipv4 hostipv4addresslist userid number unique identifier ruleobjdef hostipv4 hostipv4addresslist changedstate number output field ruleobjdef hostipv4 hostipv4addresslist changedstate ruleobjdef hostipv6 object output field ruleobjdef hostipv6 ruleobjdef hostdnsname object name of the resource ruleobjdef ipv4addressrange object output field ruleobjdef ipv4addressrange ruleobjdef ipv6addressrange object output field ruleobjdef ipv6addressrange output example {"status code" 200,"response headers" {},"reason" "ok","json body" {"ruleobjdef" \[{}]}} get scanning exception details on a sensor 
Retrieve scanning exception details for a specified sensor in Trellix IPS using the provided sensor ID.

Endpoint URL: /sensor/{{sensor id}}/scanningexception

Method: GET

Input

| Argument name | Type | Required | Description |
|---|---|---|---|
| path parameters sensor id | number | required | Sensor ID |
| scanningexceptionresponseelement | object | optional | Object that contains the details of the field to be sent |
| scanningexceptionresponseelement tcprules | object | optional | Object containing TCP rule settings |
| scanningexceptionresponseelement tcprules tcpportrangelist | object | optional | List of objects containing TCP port range setting |
| scanningexceptionresponseelement tcprules tcpportrangelist tcpportrange | string | optional | TCP port range in format "from to" |
| scanningexceptionresponseelement udprules | object | optional | Object containing UDP rule settings |
| scanningexceptionresponseelement udprules udpportrangelist | object | optional | List of objects containing UDP port range setting |
| scanningexceptionresponseelement udprules udpportrangelist udpportrange | string | optional | UDP port range in format "from to" |
| scanningexceptionresponseelement vlanrules | object | optional | Object containing VLAN rule settings |
| scanningexceptionresponseelement vlanrules vlanidrangelist | object | optional | List of objects containing VLAN ID range setting |
| scanningexceptionresponseelement vlanrules vlanidrangelist vlanidrange | string | optional | VLAN ID range in format "from to" |
| scanningexceptionresponseelement vlanrules vlanidrangelist portpairname | string | optional | Name of the port pair |

Input example

```json
{"path parameters": {"sensor id": 123}, "scanningexceptionresponseelement": {"tcprules": {"tcpportrangelist": {"tcpportrange": "string"}}, "udprules": {"udpportrangelist": {"udpportrange": "string"}}, "vlanrules": {"vlanidrangelist": {"vlanidrange": "string", "portpairname": "example name"}}}}
```

Output

| Parameter | Type | Description |
|---|---|---|
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| status | number | Status value |

Output example

```json
{"status code": 200, "reason": "ok", "json body": {"status": 1}}
```

Get scanning exception status on a sensor

Retrieve the scanning exception status on a specific sensor in Trellix IPS using the provided sensor ID and scanningexceptionstatuselement.

Endpoint URL: /sensor/{{sensor id}}/scanningexception/status

Method: GET

Input

| Argument name | Type | Required | Description |
|---|---|---|---|
| path parameters sensor id | number | required | Sensor ID |
| scanningexceptionstatuselement | object | optional | Object that contains the details of the field to be sent |
| scanningexceptionstatuselement enabled | boolean | required | Indicates if scanning exception is enabled on the sensor |

Input example

```json
{"path parameters": {"sensor id": 123}, "scanningexceptionstatuselement": {"enabled": true}}
```

Output

| Parameter | Type | Description |
|---|---|---|
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| status | number | Status value |

Output example

```json
{"status code": 200, "reason": "ok", "json body": {"status": 1}}
```

Get user group

Retrieves user group rule objects from Trellix IPS, providing an overview of group configurations.

Endpoint URL: sdkapi/ruleobject/usergroup

Method: GET

Output

| Parameter | Type | Description |
|---|---|---|
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| usergroupruleobjectresponselist | array | Output field usergroupruleobjectresponselist |
| usergroupruleobjectresponselist ruleobjectid | string | Unique identifier |
| usergroupruleobjectresponselist ruleobjectname | string | Name of the resource |
| usergroupruleobjectresponselist ruleobjecttype | string | Type of the resource |

Output example

```json
{"status code": 200, "response headers": {}, "reason": "ok", "json body": {"usergroupruleobjectresponselist": [{}, {}]}}
```

Get user rule objects

Retrieves a list of user defined rule objects from Trellix IPS for further analysis or modification.

Endpoint URL: sdkapi/ruleobject/user

Method: GET

Input

| Argument name | Type | Required | Description |
|---|---|---|---|
| parameters filter | string | optional | The filter to apply to the user rule objects |
| parameters max entries expected | number | optional | The maximum number of entries expected |

Input example

```json
{"parameters": {"filter": "user", "max entries expected": 100}}
```

Output

| Parameter | Type | Description |
|---|---|---|
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| userruleobjectresponselist | array | Output field userruleobjectresponselist |
| userruleobjectresponselist ruleobjectid | string | Unique identifier |
| userruleobjectresponselist ruleobjectname | string | Name of the resource |
| userruleobjectresponselist ruleobjecttype | string | Type of the resource |

Output example

```json
{"status code": 200, "response headers": {}, "reason": "ok", "json body": {"userruleobjectresponselist": [{}, {}]}}
```

Import rule members to existing rule obj from file

Imports rule members from a CSV file to an existing Trellix IPS rule object, requiring 'importoption' and 'ruleobjid'.

Endpoint URL: sdkapi/ruleobject/importeditromembers

Method: POST

Input

| Argument name | Type | Required | Description |
|---|---|---|---|
| parameters importoption | number | required | Import option ID, should be 1 to append and 2 to replace the existing rule members |
| parameters ruleobjid | number | required | The ID of the rule object to import the rule members to |
| files | object | required | CSV file containing the rule members to import |
| files file | string | optional | Parameter for import rule members to existing rule obj from file |
| files file name | string | optional | Name of the resource |

Input example

```json
{"parameters": {"importoption id": 2, "ruleobjid": 0}, "files": {"file name": "rule members csv", "file": "data:application/vnd.ms-excel;base64,"}}
```

Output

| Parameter | Type | Description |
|---|---|---|
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| ruleobjectid | number | Unique identifier |
| errorcode | number | Error message if any |
| errormsg | object | Error message if any |
| invalidentriesexist | boolean | Unique identifier |

Output example

```json
{"status code": 200, "response headers": {}, "reason": "ok", "json body": {"success": true, "ruleobjectid": 238, "errorcode": 0, "errormsg": null, "invalidentriesexist": true}}
```

Import rule members to new rule object from file

Imports rule members to a new Trellix IPS rule object from a specified CSV file, requiring files, data body, and import options.

Endpoint URL: sdkapi/ruleobject/importromembers

Method: POST

Input

| Argument name | Type | Required | Description |
|---|---|---|---|
| parameters importoption | number | required | Import option ID, should be 1 to append and 2 to replace the existing rule members |
| parameters ruleobjid | number | optional | The ID of the rule object to import the rule members to |
| data body | object | required | Response data |
| data body ropropertiesjson | object | required | Response data |
| data body ropropertiesjson ruleobjdef | object | required | Response data |
| data body ropropertiesjson ruleobjdef ruleobjid | number | required | The ID of the rule object to import the rule members to |
| data body ropropertiesjson ruleobjdef ruleobjtype | string | required | The type of the rule object to import the rule members to |
| data body ropropertiesjson ruleobjdef name | string | required | The name of the rule object to import the rule members to |
| data body ropropertiesjson ruleobjdef description | string | required | The description of the rule object to import the rule members to |
| data body ropropertiesjson ruleobjdef domain | number | required | The domain of the rule object to import the rule members to |
| data body ropropertiesjson ruleobjdef visibletochild | boolean | required | Is rule object visible to child |
| data body ropropertiesjson ruleobjdef hostipv4 | object | optional | The list of host IPv4 addresses to import the rule members to |
| data body ropropertiesjson ruleobjdef hostipv4 hostipv4addresslist | array | required | The list of host IPv4 addresses to import the rule members to |
| data body ropropertiesjson ruleobjdef hostipv6 | object | optional | The list of host IPv6 addresses to import the rule members to |
| data body ropropertiesjson ruleobjdef hostipv6 hostipv6addresslist | array | required | The list of host IPv6 addresses to import the rule members to |
| data body ropropertiesjson ruleobjdef networkipv4 | object | optional | The list of network IPv4 addresses to import the rule members to |
| data body ropropertiesjson ruleobjdef networkipv4 networkipv4list | array | required | The list of network IPv4 addresses to import the rule members to |
| data body ropropertiesjson ruleobjdef networkipv6 | object | optional | The list of network IPv6 addresses to import the rule members to |
| data body ropropertiesjson ruleobjdef networkipv6 networkipv6list | array | required | The list of network IPv6 addresses to import the rule members to |
| files | object | required | CSV file containing the rule members to import |
| files file | string | optional | Parameter for import rule members to new rule object from file |
| files file name | string | optional | Name of the resource |

Input example

```json
{"parameters": {"importoption id": 2, "ruleobjid": 0},
 "data body": {"ropropertiesjson": {"ruleobjdef": {"ruleobjid": 0, "ruleobjtype": "host ipv 4", "name": "test sdk6", "description": "try", "domain": 0, "visibletochild": true, "hostipv4": {"hostipv4addresslist": []}, "hostipv6": {"hostipv6addresslist": []}, "networkipv4": {"networkipv4list": []}, "networkipv6": {"networkipv6list": []}}}},
 "files": {"file name": "rule members csv", "file": "data:application/vnd.ms-excel;base64,"}}
```

Output

| Parameter | Type | Description |
|---|---|---|
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| ruleobjectid | number | Unique identifier |
| errorcode | number | Error message if any |
| errormsg | object | Error message if any |
| invalidentriesexist | boolean | Unique identifier |

Output example

```json
{"status code": 200, "response headers": {}, "reason": "ok", "json body": {"success": true, "ruleobjectid": 238, "errorcode": 0, "errormsg": null, "invalidentriesexist": true}}
```

Quarantine host

Isolates a host for a specified duration using the Trellix IPS sensor, requiring both sensor ID and IP address.

Endpoint URL: /sensor/{{sensor id}}/action/quarantinehost

Method: POST

Input

| Argument name | Type | Required | Description |
|---|---|---|---|
| path parameters sensor id | number | required | Sensor ID |
| ipaddress | string | optional | IPv4/IPv6 to be quarantined |
| duration | string | optional | Duration for which the IP is to be quarantined |
| remediate | boolean | optional | Remediate the IP along with quarantine |

Input example

```json
{"path parameters": {"sensor id": 123}, "ipaddress": "string", "duration": "string", "remediate": true}
```

Output

| Parameter | Type | Description |
|---|---|---|
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| status | number | Status value |

Output example

```json
{"status code": 200, "reason": "ok", "json body": {"status": 1}}
```

Release quarantined host

Releases a quarantined host in Trellix IPS using the specified sensor ID and IP address.

Endpoint URL: /sensor/{{sensor id}}/action/quarantinehost/{{ipaddress}}

Method: DELETE

Input

| Argument name | Type | Required | Description |
|---|---|---|---|
| path parameters sensor id | number | required | Sensor ID |
| path parameters ipaddress | string | required | IPv4/IPv6 to be released from quarantine |

Input example

```json
{"path parameters": {"sensor id": 123, "ipaddress": "string"}}
```

Output

| Parameter | Type | Description |
|---|---|---|
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| status | number | Status value |

Output example

```json
{"status code": 200, "reason": "ok", "json body": {"status": 1}}
```

Unassign attack filter to sensor and attack

Removes specified attack filters from a sensor and attack in Trellix IPS, using sensor ID, attack ID, and direction.

Endpoint URL: /sensor/{{sensor id}}/attackfilter/{{attack id}}

Method: DELETE

Input

| Argument name | Type | Required | Description |
|---|---|---|---|
| parameters direction | string | required | Attack direction |
| path parameters sensor id | number | required | ID of the sensor from which attack filters are to be unassigned |
| path parameters attack id | string | required | Attack ID from which attack filters are to be unassigned |

Input example

```json
{"parameters": {"direction": "inbound"}, "path parameters": {"sensor id": 1234, "attack id": "12edw"}}
```

Output

| Parameter | Type | Description |
|---|---|---|
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| status | number | Status value |

Output example
```json
{"status code": 200, "reason": "ok", "json body": {"status": 1}}
```

Unassign attack filters assigned to domain

Removes all attack filters linked to a specific attack from a domain in Trellix IPS, using domain and attack IDs, plus direction.

Endpoint URL: /domain/{{domain id}}/attackfilter/{{attack id}}

Method: DELETE

Input

| Argument name | Type | Required | Description |
|---|---|---|---|
| parameters direction | string | required | Attack direction |
| path parameters domain id | number | required | ID of the domain in which the attack filter is created |
| path parameters attack id | string | required | Attack ID from which attack filters are to be unassigned |

Input example

```json
{"parameters": {"direction": "inbound"}, "path parameters": {"domain id": 1234, "attack id": "12efpq"}}
```

Output

| Parameter | Type | Description |
|---|---|---|
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| status | number | Status value |

Output example

```json
{"status code": 200, "reason": "ok", "json body": {"status": 1}}
```

Unassign attack filters to interface

Removes specific attack filters from an interface or subinterface on a Trellix IPS sensor by utilizing sensor, interface, and attack IDs.

Endpoint URL: /sensor/{{sensor id}}/interface/{{interface id}}/attackfilter/{{attack id}}

Method: GET

Input

| Argument name | Type | Required | Description |
|---|---|---|---|
| parameters direction | string | required | Attack direction |
| path parameters sensor id | number | required | ID of the sensor from which the attack filter is to be unassigned |
| path parameters interface id | number | required | Interface/subinterface ID from which the attack filter is to be unassigned |
| path parameters attack id | string | required | ID of the attack from which attack filters are to be unassigned |

Input example

```json
{"parameters": {"direction": "inbound"}, "path parameters": {"sensor id": 1212345, "interface id": 124567, "attack id": "132efji"}}
```

Output

| Parameter | Type | Description |
|---|---|---|
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| status | number | Status value |

Output example

```json
{"status code": 200, "reason": "ok", "json body": {"status": 1}}
```

Update attack filter

Updates an existing attack filter in Trellix IPS with details like domainid, matchcriteria, and other specified criteria.

Endpoint URL: /attackfilter/{{attackfilter id}}

Method: PUT

Input

| Argument name | Type | Required | Description |
|---|---|---|---|
| path parameters attackfilter id | number | required | ID of the attack filter to be updated |
| domainid | number | optional | ID of the domain to which this attack filter belongs |
| description | string | optional | Description of the attack filter |
| matchcriteria | object | optional | Match criteria for the attack filter |
| matchcriteria exclusion | array | required | List of exclusion criteria |
| matchcriteria exclusion ip | object | optional | IP exclusion criteria |
| matchcriteria exclusion ip destend | string | optional | Destination IP end range |
| matchcriteria exclusion ip destmode | string | required | Destination IP mode |
| matchcriteria exclusion ip srcmode | string | required | Source IP mode |
| matchcriteria exclusion ip srcstart | string | optional | Source IP start range |
| matchcriteria exclusion ip deststart | string | optional | Destination IP start range |
| matchcriteria exclusion ip srcend | string | optional | Source IP end range |
| matchcriteria exclusion port | object | optional | TCP/UDP port |
| matchcriteria exclusion port srcportmode | string | required | Source port mode |
| matchcriteria exclusion port srcport | string | optional | Source port |
| matchcriteria exclusion port destport | string | optional | Destination port |
| matchcriteria exclusion port destportmode | string | required | Destination port mode |
| lastmodts | string | optional | Last modified timestamp of the attack filter |
| attackfilterid | number | optional | ID of the attack filter |
| type | string | optional | Attack filter type |
| name | string | optional | Name of the attack filter |

Input example

```json
{"json body": {"domainid": 0, "description": "try",
  "matchcriteria": {"exclusion": [{
    "ip": {"destend": "1.1.1.17", "destmode": "range ip", "srcmode": "single ip", "srcstart": "1.1.1.1", "deststart": "1.1.1.13", "srcend": "1.1.1.11"},
    "port": {"srcportmode": "tcp", "srcport": "85", "destport": "89", "destportmode": "tcp"}}]},
  "lastmodts": "2012 07 24 00 19 00", "attackfilterid": 419, "type": "ipv 4 and tcp udp port", "name": "test1"},
 "path parameters": {"attackfilter id": 12345}}
```

Output

| Parameter | Type | Description |
|---|---|---|
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| status | number | Status value |

Output example

```json
{"status code": 200, "reason": "ok", "json body": {"status": 1}}
```

Update firewall policy

Updates a Trellix IPS firewall policy with specific configurations like name, domain, and member details using the given policy ID.

Endpoint URL: /firewallpolicy/{{policy id}}

Method: PUT

Input

| Argument name | Type | Required | Description |
|---|---|---|---|
| path parameters policy id | number | required | The unique identifier of the firewall policy to be updated |
| firewallpolicyid | number | optional | Unique identifier |
| name | string | optional | Name of the resource |
| domainid | number | optional | Unique identifier |
| visibletochild | boolean | optional | Parameter for update firewall policy |
| description | string | optional | Parameter for update firewall policy |
| lastmodifiedtime | string | optional | Time value |
| iseditable | boolean | optional | Parameter for update firewall policy |
| policytype | string | optional | Type of the resource |
| policyversion | number | optional | Parameter for update firewall policy |
| lastmodifieduser | string | optional | Parameter for update firewall policy |
| memberdetails | object | optional | Parameter for update firewall policy |
| memberdetails memberrulelist | array | required | Parameter for update firewall policy |
| memberdetails memberrulelist description | string | required | Parameter for update firewall policy |
| memberdetails memberrulelist enabled | boolean | required | Parameter for update firewall policy |
| memberdetails memberrulelist response | string | required | Parameter for update firewall policy |
| memberdetails memberrulelist islogging | boolean | required | Parameter for update firewall policy |
| memberdetails memberrulelist direction | string | required | Parameter for update firewall policy |
| memberdetails memberrulelist sourceaddressobjectlist | array | required | Parameter for update firewall policy |
| memberdetails memberrulelist sourceaddressobjectlist ruleobjectid | string | required | Unique identifier |
| memberdetails memberrulelist sourceaddressobjectlist name | string | required | Name of the resource |
| memberdetails memberrulelist sourceaddressobjectlist ruleobjecttype | string | required | Type of the resource |
| memberdetails memberrulelist destinationaddressobjectlist | array | required | Parameter for update firewall policy |
| memberdetails memberrulelist destinationaddressobjectlist ruleobjectid | string | required | Unique identifier |
| memberdetails memberrulelist destinationaddressobjectlist name | string | required | Name of the resource |

Input example

```json
{"json body": {"name": "testfirewallpolicy", "domainid": 0, "visibletochild": true, "description": "test the firewallpolicy", "lastmodifiedtime": "2012 12 12 12 30 47", "iseditable": true, "policytype": "advanced", "policyversion": 1, "lastmodifieduser": "admin",
  "memberdetails": {"memberrulelist": [{"description": "test member rule", "enabled": true, "response": "scan", "islogging": false, "direction": "inbound",
    "sourceaddressobjectlist": [{"ruleobjectid": "af", "name": "afghanistan", "ruleobjecttype": "country"}],
    "destinationaddressobjectlist": [
      {"ruleobjectid": "101", "name": "hostdnsrule", "ruleobjecttype": "host dns name"},
      {"ruleobjectid": "102", "name": "hostipv4", "ruleobjecttype": "host ipv 4"},
      {"ruleobjectid": "103", "name": "ipv4addressrange", "ruleobjecttype": "ipv 4 address range"},
      {"ruleobjectid": "104", "name": "networkgroup", "ruleobjecttype": "network group"}],
    "sourceuserobjectlist": [{"ruleobjectid": " 1", "name": "any", "ruleobjecttype": "user"}],
    "serviceobjectlist": [],
    "applicationobjectlist": [
      {"ruleobjectid": "1308991488", "name": "100bao", "ruleobjecttype": "application", "applicationtype": "default"},
      {"ruleobjectid": "106", "name": "applicaiononcutomport", "ruleobjecttype": "application on custom port", "applicationtype": "custom"},
      {"ruleobjectid": "105", "name": "applicationgroup", "ruleobjecttype": "application group", "applicationtype": "custom"}],
    "timeobjectlist": [
      {"ruleobjectid": "107", "name": "finitetimeperiod", "ruleobjecttype": "finite timing period"},
      {"ruleobjectid": "108", "name": "recuringtimeperiod", "ruleobjecttype": "recurring time period"},
      {"ruleobjectid": "109", "name": "recurringtimeperiodgroup", "ruleobjecttype": "recurring time period group"}]}]}},
 "path parameters": {"policy id": 120}}
```

Output

| Parameter | Type | Description |
|---|---|---|
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| status | number | Status value |

Output example

```json
{"status code": 200, "reason": "ok", "json body": {"status": 1}}
```

Update IPS policy

Updates a specified Trellix IPS policy using the provided policy ID and outboundattackcategory.

Endpoint URL: /ipspolicy/{{policyid}}

Method: PUT

Input

| Argument name | Type | Required | Description |
|---|---|---|---|
| path parameters policyid | number | required | The unique identifier of the IPS policy to update |
| dosresponsesensitivitylevel | number | optional | The sensitivity level for DoS response in the policy |
| direction | number | optional | The direction of the policy (e.g., inbound or outbound) |
| description | string | optional | A brief description of the IPS policy |
| iseditable | boolean | optional | Indicates if the policy is editable |
| policyname | string | optional | The name of the IPS policy |
| reconpolicy | object | optional | The reconnaissance policy configuration |
| reconpolicy reconattacklist | array | optional | List of reconnaissance attacks for the policy |
| reconpolicy reconattacklist isalertcustomized | boolean | optional | Indicates if alert settings are customized for this recon attack |
| reconpolicy reconattacklist isquarantinecustomized | boolean | optional | Indicates if quarantine settings are customized for this recon attack |
| reconpolicy reconattacklist severity | number | optional | The severity level of the recon attack |
| reconpolicy reconattacklist isthresholddurationcustomized | boolean | optional | Indicates if the threshold duration is customized for this recon attack |
| reconpolicy reconattacklist issendalerttomanager | boolean | optional | Indicates if alerts should be sent to the manager for this recon attack |
| reconpolicy reconattacklist nspid | string | optional | The unique identifier for the recon attack |
| reconpolicy reconattacklist thresholdduration | number | optional | The duration for the threshold in seconds for this recon attack |
| reconpolicy reconattacklist alertsuppressiontimer | number | optional | The timer for alert suppression for this recon attack |
| reconpolicy reconattacklist isalertsuppressiontimercustomized | boolean | optional | Indicates if the alert suppression timer is customized for this recon attack |
| reconpolicy reconattacklist ismcafeenacnotificationenabled | boolean | optional | Indicates if McAfee NAC notification is enabled for this recon attack |
| reconpolicy reconattacklist thresholdvalue | number | optional | The threshold value for the recon attack |
| reconpolicy reconattacklist notification | object | required | Notification settings for this recon attack, including email, pager, script, auto acknowledgment, SNMP, and syslog |
| reconpolicy reconattacklist notification isautoackcustomized | boolean | optional | Indicates if auto acknowledgment setting is customized |
| reconpolicy reconattacklist notification ispager | boolean | optional | Indicates if pager notifications are enabled |
| reconpolicy reconattacklist notification issyslogcustomized | boolean | optional | Indicates if syslog notification setting is customized |
| reconpolicy reconattacklist notification ispagercustomized | boolean | optional | Indicates if pager notification setting is customized |
| reconpolicy reconattacklist notification isemail | boolean | optional | Indicates if email notifications are enabled |

Input example

```json
{"path parameters": {"policyid": 123},
 "dosresponsesensitivitylevel": 123,
 "direction": 123,
 "description": "string",
 "iseditable": true,
 "policyname": "example name",
 "reconpolicy": {"reconattacklist": [{"isalertcustomized": true, "isquarantinecustomized": true, "severity": 123, "isthresholddurationcustomized": true, "issendalerttomanager": true, "nspid": "string", "thresholdduration": 123, "alertsuppressiontimer": 123, "isalertsuppressiontimercustomized": true, "ismcafeenacnotificationenabled": true, "thresholdvalue": 123,
   "notification": {"isautoackcustomized": true, "ispager": true, "issyslogcustomized": true, "ispagercustomized": true, "isemail": true, "isscriptcustomized": true, "issnmpcustomized": true, "isscript": true, "issnmp": true, "isemailcustomized": true, "isautoack": true, "issyslog": true},
   "mcafeenacnotification": "string", "isremediateenabled": true, "isseveritycustomized": true, "isthresholdvaluecustomized": true}]},
 "dospolicy": {
   "learningattack": [{"isalertcustomized": true, "direction": "string", "severity": 123, "isdroppacket": true, "issendalerttomanager": true, "nspid": "string", "isblockingsettingcustomized": true, "attackname": "example name", "isseveritycustomized": true,
     "notification": {"isautoackcustomized": true, "ispager": true, "issyslogcustomized": true, "ispagercustomized": true, "isemail": true, "isscriptcustomized": true, "issnmpcustomized": true, "isscript": true, "issnmp": true, "isemailcustomized": true, "isautoack": true, "issyslog": true}}],
   "thresholdattack": [{"isalertcustomized": true, "direction": "string", "severity": 123, "isthresholddurationcustomized": true, "issendalerttomanager": true, "nspid": "string", "thresholdduration": 123, "isseveritycustomized": true,
     "notification": {"isautoackcustomized": true, "ispager": true, "issyslogcustomized": true, "ispagercustomized": true, "isemail": true, "isscriptcustomized": true, "issnmpcustomized": true, "isscript": true, "issnmp": true, "isemailcustomized": true, "isautoack": true, "issyslog": true},
     "attackname": "example name", "thresholdvalue": 123, "isthresholdvaluecustomized": true}]},
 "isvisibletochildren": true,
 "outboundattackcategory": {"expolitattacklist": [{"isalertcustomized": true, "blockingtype": "string", "direction": "string", "severity": 123,
   "attackresponse": {"isflowcustomized": true, "isicmpsend": true, "blockingoption": "string", "mcafeenacnotification": "string", "isalertcustomized": true, "iscapturedprior": true, "numberofbytesineachpacket": {}, "isicmpsendcustomized": true, "iscapturedpriorcustomized": true, "timestamp": "2024-01-01T00:00:00Z", "isquarantinecustomized": true, "tcpreset": "string", "islogcustomized": true, "istcpresetcustomized": true, "isnbytescustomized": true, "flow": "string", "ismcafeenacnotificationenabled": true, "isalert": true, "action": "string", "loggingduration": {}, "isremediateenabled": true, "isblockingoptioncustomized": true},
   "nspid": "string", "isenabled": true, "benigntriggerprobability": "string",
   "notification": {"isautoackcustomized": true, "ispager": true, "issyslogcustomized": true, "ispagercustomized": true, "isemail": true, "isscriptcustomized": true, "issnmpcustomized": true, "isscript": true, "issnmp": true, "isemailcustomized": true, "isautoack": true, "issyslog": true},
   "isrecommendedforsmartblocking": true, "isseveritycustomized": true, "subcategory": "string"}]},
 "attackcategory": {"expolitattacklist": [{"isalertcustomized": true, "blockingtype": "string", "direction": "string", "severity": 123,
   "attackresponse": {"isflowcustomized": true, "isicmpsend": true, "blockingoption": "string", "mcafeenacnotification": "string", "isalertcustomized": true, "iscapturedprior": true, "numberofbytesineachpacket": {}, "isicmpsendcustomized": true, "iscapturedpriorcustomized": true, "timestamp": "2024-01-01T00:00:00Z", "isquarantinecustomized": true, "tcpreset": "string", "islogcustomized": true, "istcpresetcustomized": true, "isnbytescustomized": true, "flow": "string", "ismcafeenacnotificationenabled": true, "isalert": true, "action": "string", "loggingduration": {}, "isremediateenabled": true, "isblockingoptioncustomized": true},
   "nspid": "string", "isenabled": true, "benigntriggerprobability": "string",
   "notification": {"isautoackcustomized": true, "ispager": true, "issyslogcustomized": true, "ispagercustomized": true, "isemail": true, "isscriptcustomized": true, "issnmpcustomized": true, "isscript": true, "issnmp": true, "isemailcustomized": true, "isautoack": true, "issyslog": true},
   "isrecommendedforsmartblocking": true, "isseveritycustomized": true, "subcategory": "string"}]},
 "outboundruleset": "string",
 "inboundruleset": "string"}
```

Output

| Parameter | Type | Description |
|---|---|---|
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| status | number | Status value |

Output example

```json
{"status code": 200, "reason": "ok", "json body": {"status": 1}}
```

Update IPS quarantine duration for a host

Modifies the quarantine duration for a host in Trellix IPS using the provided sensor ID, IP address, and duration.

Endpoint URL: /sensor/{{sensor id}}/action/quarantinehost

Method: PUT

Input

| Argument name | Type | Required | Description |
|---|---|---|---|
| path parameters sensor id | number | required | Sensor ID |
| ipaddress | string | optional | IPv4/IPv6 to be quarantined |
| duration | string | optional | Duration for which the IP is to be quarantined |
| remediate | boolean | optional | Remediate the IP along with quarantine |
| isoverride | boolean | optional | Override the previous data if present for the IP provided |

Input example

```json
{"path parameters": {"sensor id": 123}, "ipaddress": "string", "duration": "string", "remediate": true, "isoverride": true}
```

Output

| Parameter | Type | Description |
|---|---|---|
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| status | number | Status value |

Output example

```json
{"status code": 200, "reason": "ok", "json body": {"status": 1}}
```

Update rule object

Updates a specified rule object in Trellix IPS with details like type, name, and visibility settings. Requires ruleobject id and JSON body.

Endpoint URL: sdkapi/ruleobject/{{ruleobject id}}

Method: PUT

Input

| Argument name | Type | Required | Description |
|---|---|---|---|
| path parameters ruleobject id | number | required | The ID of the rule object to update |
| ruleobjid | number | optional | The ID of the rule object to add |
| ruleobjtype | string | optional | The type of the rule object to add |
| name | string | optional | The name of the rule object to add |
| description | string | optional | The description of the rule object to add |
| domain | number | optional | ID of domain in which the rule object is defined |
| visibletochild | boolean | optional | Is rule object visible to child |
| applicationgroup | object | optional | Application group object, should be defined if ruleobjtype is application group |
| applicationgroup applicationidentifier | array | required | List of applications identifier |
| applicationgroup applicationidentifier applicationruleobjid | number | required | ID of the application rule object |
| applicationgroup applicationidentifier applicationtype | string | required | Type of the application |
| applicationoncustomport | object | optional | Application defined on custom port object, should be defined if ruleobjtype is application on custom port |
| applicationoncustomport applicationid | string | required | ID of the application |
| applicationoncustomport portslist | array | required | List of ports |
| applicationoncustomport portslist ipprotocol | string | required | IP protocol, can be "tcp" or "udp" |
| applicationoncustomport portslist port | number | required | Port number |
| finitetimeperiod | object | optional | Finite time period rule object, should be defined if ruleobjtype is finite time period |
| finitetimeperiod from | string | required | Start time of the time period |
| finitetimeperiod until | string | required | End time of the time period |
| hostipv4 | object | optional | Host IPv4 rule object, should be defined if ruleobjtype is host ipv 4 |
| hostipv4 hostipv4addresslist | array | required | List of host IPv4 addresses |
| hostipv4 hostipv4addresslist ruleobjid | number | required | Rule object ID |
| hostipv4 hostipv4addresslist state | number | required | State of the rule member, should be 1 to enable and 0 to disable the rule member |
| hostipv4 hostipv4addresslist comment | string | optional | Comment for the rule member |
| hostipv4 hostipv4addresslist userid | number | required | User ID of the rule member |

Input example

```json
{"path parameters": {"ruleobject id": 21}}
```

Output

| Parameter | Type | Description |
|---|---|---|
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| status | number | Status value |

Output example

```json
{"status code": 200, "response headers": {}, "reason": "ok", "json body": {"status": 1}}
```

Response headers

| Header | Description | Example |
|---|---|---|
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
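A pre-flight guard for the quarantine host, update IPS quarantine duration and release quarantined host inputs documented above, added here as an example and not part of the connector: it rejects anything that is not a single host address, refuses addresses inside protected networks, and builds the input in the shape of this page's examples. The function names, the protected network list and the `<duration>` placeholder are assumptions; the page does not state the duration format, so the value is passed through unchanged, and only the shape of the page's output example is treated as success.

```python
import ipaddress

# Field names are written as they appear in this page's input examples;
# confirm them against the action schema in your Turbine tenant.
PATH_PARAMS = "path parameters"
SENSOR_ID = "sensor id"

# Constructed sample data: networks a playbook must never isolate
# (for example DNS, identity and management ranges).
PROTECTED_NETWORKS = ["10.0.0.0/28", "192.0.2.53/32", "2001:db8:53::/48"]


class QuarantineRefused(ValueError):
    """Raised when a request must not be sent to the quarantine action."""


def _parse_host(ip_text):
    """Return one normalized host address, or refuse the request."""
    try:
        addr = ipaddress.ip_address(ip_text.strip())
    except (ValueError, AttributeError) as exc:
        # CIDR blocks, hostnames, empty strings and non-strings all land here.
        raise QuarantineRefused(f"not a single IPv4/IPv6 address: {ip_text!r}") from exc
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so it cannot slip past
    # the IPv4 entries in the protected list.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    if addr.is_unspecified or addr.is_loopback or addr.is_multicast or addr.is_link_local:
        raise QuarantineRefused(f"{addr} is not a quarantinable host address")
    return addr


def _check_sensor(sensor_id):
    if isinstance(sensor_id, bool) or not isinstance(sensor_id, int):
        raise QuarantineRefused(f"sensor id must be an integer: {sensor_id!r}")
    return sensor_id


def build_quarantine_input(sensor_id, ip_text, duration,
                           protected=PROTECTED_NETWORKS,
                           remediate=False, is_override=None):
    """Build the input for quarantine host (POST) or, when is_override is
    given, for update IPS quarantine duration for a host (PUT)."""
    _check_sensor(sensor_id)
    if not isinstance(duration, str) or not duration.strip():
        raise QuarantineRefused("duration must be a non-empty string")
    addr = _parse_host(ip_text)
    for net_text in protected:
        net = ipaddress.ip_network(net_text)
        if addr.version == net.version and addr in net:
            raise QuarantineRefused(f"{addr} is inside protected network {net}")
    request = {
        PATH_PARAMS: {SENSOR_ID: sensor_id},
        "ipaddress": str(addr),
        "duration": duration.strip(),
        "remediate": bool(remediate),
    }
    if is_override is not None:
        request["isoverride"] = bool(is_override)
    return request


def build_release_input(sensor_id, ip_text):
    """Build the input for release quarantined host (DELETE), normalizing
    the address the same way so it matches what was quarantined."""
    _check_sensor(sensor_id)
    return {PATH_PARAMS: {SENSOR_ID: sensor_id, "ipaddress": str(_parse_host(ip_text))}}


def action_succeeded(output):
    """Fail closed: accept only the shape of the page's output example
    (status code 200 with json body status 1). Assumption: any other
    status value means the action did not take effect."""
    body = output.get("json body") or {}
    return output.get("status code") == 200 and body.get("status") == 1


if __name__ == "__main__":
    # Constructed inputs; "<duration>" is a placeholder, not a real value.
    for candidate in ["198.51.100.7", "10.0.0.5", "::ffff:10.0.0.5", "198.51.100.0/24"]:
        try:
            print(build_quarantine_input(123, candidate, "<duration>"))
        except QuarantineRefused as err:
            print("refused:", err)
```

Run the guard before the action step and route `QuarantineRefused` to analyst review instead of retrying.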