Skip to main content

getMonitoredRuleData

You can use this method to retrieved detailed information regarding a specific PHASR rule and the behavioral profiles it applies to.

Parameters

Name

Description

Included in request

Type

Values

companyId

The ID of the company to which the specified rule belongs.

Optional

String

The user making the request must have Network administrator rights for The company the ID belongs to.

Default value: The ID of the company associated with the API key used for the request.

ruleId

The ID of the rule you want to retrieve information for.

Mandatory

Integer

No additional requirements.

profileType

Determines the types of behavioral profiles that are included in the response.

Optional

Integer

Possible values:

  • 1 - Profiles using tools

  • 2 - Profiles not using tools

  • 3 - Profiles restricted by autopilot

  • 4 - Profiles restricted by direct control

Default value: If the parameter is not included in the request, all resource types will be returned.

General parameters

These are common parameters, available across all public API methods.

Parameter

Description

Included in request

Type

Values

id

This parameter adds an identifier to the request, linking it to its corresponding response.

The target replies with the same value in the response, allowing easy call tracking.

Mandatory

String

No additional requirements

method

The name of the method you are using to send the request.

Mandatory

String

Must be a valid method name.

jsonrpc

The version of JSON-RPC used by the request and the response.

Mandatory

Integer

Possible values:

  • 2.0

params

An object containing the configuration of the request.

Mandatory

Object

No additional requirements.

Under the params object

page

The results page number.

Optional

Integer

Default value: 1

perPage

The number of results displayed per page.

Optional

Integer

The upper limit is 100 items per page.

Default value: 30

Return value

Attribute

Type

Description

page

Integer

The page number currently being displayed.

perPage

Integer

The number of results displayed per page.

pagesCount

Integer

The total number of pages included in the response.

total

Integer

The total number of behavioral profiles included in the response.

profilesUsingSuchTools

Integer

The number of behavioral profiles included in the response that exhibited signs of using the tool or technique targeted by the rule.

profilesNotUsingSuchTools

Integer

The number of behavioral profiles included in the response that did not exhibit signs of using the tool or technique targeted by the rule.

restrictedProfilesByAutopilot

Integer

The number of behavioral profiles included in the response for which the recommendations generated by this rule were automatically applied.

restrictedProfilesByDirectControl

Integer

The number of behavioral profiles included in the response where the recommendations triggered by this rule were applied following manual approval.

items

Array of objects

A list of objects that provide information on each behavioral profiles that match the parameters included in the request.

Objects

items

Attribute

Type

Description

resourceName

String

The name of the device associated with the behavioral profile.

resourceId

String

The unique identifier of the device associated with the behavioral profile.

identityName

String

The name of the user account linked to the behavioral profile.

identityId

String

The unique identifier within the system of the user linked to the behavioral profile.

departmentId

String

The unique ID of the department the user belongs to.

departmentName

String

The name of the department the user belongs to.

userSid

String

The system security identifier (SID) of the user.

profileType

Integer

The type of the behavioral profile

Example

Request:

{
    "params": {
      "companyId": "68306c15c9b5cb3e920ffe22",
      "ruleId": 61,
      "page": 1,
      "perPage": 2
    },
    "jsonrpc": "2.0",
    "method": "getMonitoredRuleData",
    "id": "d4d50719-3215-455a-a329-086fe77f6d72"
}

Response:

{
  "id": "d4d50719-3215-455a-a329-086fe77f6d72",
  "jsonrpc": "2.0",
  "result": {
    "page": 1,
    "perPage": 2,
    "pagesCount": 10,
    "total": 19,
    "profilesUsingSuchTools": 1,
    "profilesNotUsingSuchTools": 9,
    "restrictedProfilesByAutopilot": 1,
    "restrictedProfilesByDirectControl": 1,
    "items": [
      {
        "resourceName": "CMOCANU-SELENIU",
        "resourceId": "6a7f1642-bdbc-810b-a42b-e04f2611c538-005056965bef",
        "identityName": "CMOCANU-SELENIU\\bdvm",
        "identityId": "Local_S-1-5-21-2018264366-2484004464-1617746128-1001_68308694de453e6a039e1f6d",
        "departmentId": "683072526ed41db183242348",
        "departmentName": "Department 8",
        "userSid": "S-1-5-21-2018264366-2484004464-1617746128-1001",
        "profileType": 1
      },
      {
        "resourceName": "WIN-06",
        "resourceId": "62c11642-236f-e7bd-cf05-0f91f9346073-005056961e20",
        "identityName": "ROOT\\hr1",
        "identityId": "AD_S-1-5-21-4282359893-3999216301-2697700004-1108",
        "departmentId": "6834222e6ed41db1833ca84c",
        "departmentName": "Department 7",
        "userSid": "S-1-5-21-4282359893-3999216301-2697700004-1108",
        "profileType": 2
      }
    ]
  }
}
In this section: