Creating triage filters via API
curl -X POST \
'https://<vectra_brain_ip_or_hostname>/api/v2.5/rules/' \
-H 'Authorization: Token <api token>' \
-H 'Content-Type: application/json' \
-d '{
"detection_category": "LATERAL MOVEMENT",
"triage_category": "SSH.Brute.Force-SystemAuth",
"detection": "Brute-Force",
"remote1_ip": ["10.1.1.0/24", "10.1.2.0/24"],
"remote1_proto": ["ssh"],
"is_whitelist": 0,
"description": "Normal Authentication Activity",
"host": [3345]
}'