# API Deployment ## About the Vectra Match APIs Vectra provides different APIs for use with Respond UX or Quadrant UX deployments. Please see the below resources to get started with either API. **Respond UX (API v3.3 or higher)** * [Vectra SaaS API Quickstart Tutorial](https://docs.vectra.ai/configuration/access/api-rux/rux-api-postman-quick-start-guide) * [Vectra SaaS API Guide v3.3](https://docs.vectra.ai/configuration/access/api-rux/v33-api-guide-rux) - Match related content on pages 6-16, 54-63, and 112-137. * [Vectra SaaS API Public Postman Collection](https://www.postman.com/vectra-internal/workspace/vectra-ai/collection/1058623-cc38478b-7261-4e59-8768-1cf61a68ec5d) * v3.3 OpenAPI document containing details and examples: {% file src="" %} **Quadrant UX (API v2.5 or higher)** * [How to query Vectra REST API using Postman platform](https://docs.vectra.ai/configuration/access/api-qux/v25-postman-quick-start-guide-using-token-auth) * [REST API Guide v2.5](https://docs.vectra.ai/configuration/access/api-qux/v25-api-guide-qux) - Match related content on pages 3-5, 55-62, and 123-148. * [Vectra Public Postman Collection](https://www.postman.com/vectra-internal/workspace/vectra-ai/collection/7429442-509c593b-8de4-4aa3-ac05-e07934eb9f17) * v2.5 OpenAPI document containing details and examples: {% file src="" %} The deployment examples included below contain basic steps to get up and running. It is recommended to read the API guide (specific to your deployment type) to see additional examples and definitions for included datapoints. The v3.3 API (RUX) uses OAuth 2.0 to authenticate access. Please see the links above for the quickstart tutorial and API guide for full details on authentication and how to manage token refreshes while accessing the API. Example Request: ``` POST https:///oauth2/token Authorization: Basic :)> Content-Type: application/x-www-form-urlencoded grant_type=client_credentials ``` Example Response: ``` { "access_token": "Z0FBQUFB...", "expires_in": 21600, "refresh_expires_in": 86400, © June 2024 Vectra AI, Inc. | 12 "refresh_token": "eyJzdWIi...", "token_type": "Bearer" } ``` The v2.5 API (QUX) uses token authentication. Every user created on the Vectra platform has access to manage API tokens under the **My Profile** page. Example of using token authentication with cURL is shown below. ``` curl –H “Authorization: Token db20f83b33744690e4168e7994c8dd0b53e64f94” https:///api/v2.5/ ``` ## Overall Match API Capabilities * **Match Enablement** - `/vectra-match/enablement` * `GET` or `POST` to get enablement state or set enablement state per device. * **Match Stats** - `/vectra-match/stats` * `GET` returns detailed stats per device or for all devices that were ever enabled. * **Match Status** - `/vectra-match/status` * `GET` returns health status per device or for all devices that were ever enabled. * **Match Available Devices** - `/vectra-match/available-devices` * `GET` returns available (paired) devices that can be enabled for Match. * **Match Rules** - `/vectra-match/rules` * `GET`, `POST`, or `DELETE` to retrieve information about, upload (v2.5 only), or delete a ruleset file. * **Match Rules Upload** - `/vectra-match/rules/upload/` (v3.3 only) * `POST`, `PATCH`, and `GET` to start a ruleset upload, mark the upload complete, and retrieve status. * **Match Assignments** - `/vectra-match/assignment` * `GET`, `POST`, or `DELETE` to retrieve, assign, or delete a ruleset assignment to a device. * **Match Alert Stats** - `/vectra-match/alert-stats` * `GET` to retrieve top 10 list of most frequently fired rules per device. ## API Deployment Examples In the below deployment examples, please keep in mind the following: * The examples below were created when Match was originally released and are specific to Quadrant UX authentication (token vs OAuth). * For use with RUX (v3.3 API or later), **the example requests would need to be modified to use OAuth** authentication as per the v3.3 API guide. * The endpoints and calls to them are the same as for the v2.5 API with the exception of ruleset upload, which had to be different because of the architecture difference between QUX and RUX deployments. * API calls are made against the Brain in QUX deployments, while they are made against Vectra’s cloud in RUX deployments. * For RUX deployments, rulesets are uploaded to a temporary URL that allows upload to an AWS S3 bucket. The Vectra cloud then transfers the file to the Brain so that it can be assigned to Sensors just like in QUX deployments. * Any example of doing ruleset upload for both RUX and QUX deployments will be included below. **Be sure to follow the correct example depending on which deployment type you have**. * These examples are specific to our sample environment, depending on how you access the API, you will need to adjust for the tooling you use (Postman, cURL, etc). Examples will contain variables that you need to replace with values for your environment such as: * `{{baseURL}}` – replace with IP or hostname of your Brain or Vectra tenant and then add a `/` and the the api version you are using. * For example - `https://brain_hostname_or_ip/v2.5` * For example - `https://vectra_tenant/v3.3` * `` – replace with your API token. * As per the above, the token is only used for v2.5 API, for v3.3 OAuth must be used. * `` – replace with your Sensor serial number. ### Retrieve list of available devices {% hint style="info" %} Devices must be paired to be available for Match enablement (mixed mode devices are supported). {% endhint %} To enable a device (Network Data Source or Sensor), you will need to know its serial number. This can be retrieved from the UI at *Configuration → COVERAGE → Data Sources → Network → Sensor* but using the API makes programmatic retrieval of all devices simple. Our sample deployment contains a single Sensor for simplicity. Making a `GET` request to the `available-devices` endpoint to list available devices (to be available for enabling, a device must be paired to your Brain). ``` GET {{baseUrl}}/vectra-match/available-devices ``` BODY: None Request cURL Example: ``` curl --header "Authorization: Token " https://{{baseURL}}/api/v2.5/vectra-match/available-devices ``` Response Example: ``` { "devices": [ { "alias": "Test Sensor", "location": "Test Environment", "device_serial": "V421f68411bad268b6ead7c47f5ed4fed", "ip_address": "192.168.52.227", "headend_uri": "192.168.52.151", "last_seen": "2023-03-08T21:13:33Z", "product_name": "vSensor", "is_virtual": true, "version": "7.6.0-5-4", "mode": "sensor" } ] } ``` ### Get current enablement state for a given device First, we will check the enablement state of the device we now see as available above by making `GET` request to the **`enablement`** endpoint. ``` GET {{baseUrl}}/vectra-match/enablement?device_serial= ``` Example request: ``` GET https://192.168.1.2/vectra-match/enablement?device_serial=V421f68411bad268b6ead7c47f5ed4fed ``` Request cURL Example: ``` curl --header "Authorization: Token " https://{{baseURL}}/api/v2.5/vectra-match/enablement?device_serial=V421f68411bad268b6ead7c47f5ed4fed ``` Response example: ``` { "is_enabled": false } ``` We see that the device is not currently enabled for Match. ### Set enablement state for a given device To enable this device, we now make `POST` request to the same `enablement` endpoint and include the device serial number and desired state (true/false) in the BODY of the request. ``` POST {{baseUrl}}/vectra-match/enablement ``` BODY Syntax: ``` { "device_serial": "", "desired_state": } ``` Example BODY: ``` { "device_serial": "V421f68411bad268b6ead7c47f5ed4fed", "desired_state": true } ``` Request cURL Example: ``` curl -X POST "https://{{baseURL}}/api/v2.5/vectra-match/enablement" \ -H "Authorization: Token " \ -H "Content-Type: application/json" \ -H "Accept: application/json" \ -d '{"device_serial":"V421f68411bad268b6ead7c47f5ed4fed","desired_state":true}' ``` Response Example: ``` { "is_enabled": true } ``` ### Get current status for a device (or all devices) After enabling Match on a device, activation can take 5–10 minutes due to several back-end changes being required. * Include `device_serial` to check a single device. * Omit `device_serial` to retrieve status for all devices. ``` GET {{baseUrl}}/vectra-match/status GET {{baseUrl}}/vectra-match/status?device_serial= ``` Example Request (single device): ``` GET {{baseUrl}}/vectra-match/status?device_serial=V421f68411bad268b6ead7c47f5ed4fed ``` cURL Request Example (single device): ``` curl -H "Authorization: Token " \ "https://{{baseURL}}/api/v2.5/vectra-match/status?device_serial=V421f68411bad268b6ead7c47f5ed4fed" ``` Example Response: ``` { "status": [ { "is_enabled": true, "process_health": "activating", "device_serial": "V421f68411bad268b6ead7c47f5ed4fed", "timestamp": "2023-03-09T16:07:16.905564", "process_error_detail": "" } ] } ``` After Match has successfully activated: ``` { "status": [ { "is_enabled": true, "process_health": "healthy", "device_serial": "V421f68411bad268b6ead7c47f5ed4fed", "timestamp": "2023-03-09T16:11:10.327326", "process_error_detail": "" } ] } ``` ### Upload and validate a new ruleset (v3.3 RUX deployments only) While waiting for device activation, we can upload a ruleset to the Vectra cloud for later assignment to the device. After the ruleset is uploaded to the Vectra cloud, it will automatically be transferred to the Brain where it can then be assigned. The general process to do the ruleset upload for RUX deployments is as follows: 1. `POST` to `{{baseUrl}}/vectra-match/rules/upload/` a JSON body with a desired filename for the upload along with any desired notes. * This will return an ID (used only to track the ruleset upload) and a temporary URL (valid only for 2 minutes). * If you do not start uploading within 2 minutes, you must start over with a new POST. {% hint style="info" %} **Please Note:** * This is not the same as the UUID that will be used to track the rules file on the Brain/Sensors. * This ID only tracks the ruleset upload. The filename that was uploaded must be used later to find the ruleset UUID used for device assignment. * It is recommended to use a unique filename and the optional notes field within the request to describe rulesets so that rulesets are more easily distinguishable from one another. {% endhint %} 2. Use a `PUT` to the URL that was returned in the 1st step with a form data body consisting of the ruleset file to upload the file to Vectra’s cloud. 3. `PATCH` to `{{baseUrl}}/vectra-match/rules/upload/{{ID}}` with a JSON body stating `{"upload_status": "completed"}` to mark the ruleset upload as complete. * The ruleset will then automatically be synced to the Brain appliance. 4. `GET` to `{{baseUrl}}/vectra-match/rules/upload/{{ID}}` to confirm the file has successfully been synced to the Brain appliance. 5. To find the UUID (used for ruleset assignment): * Use the `/assignment` endpoint to list the ruleset assignments. * Find the filename you just uploaded and use the corresponding UUID for ruleset management and assignment. The timestamp may also be useful when searching for the correct UUID. {% hint style="info" %} **Please Note:** After a successful upload and sync to the Brain, the ruleset UUID will be used from this point on to reference this file when interacting with the Match API. During the upload process, the ruleset will be validated. If the ruleset fails validation, a `422` error with details will be returned. {% endhint %} {% hint style="info" %} **Please Note:** A ruleset is accepted when one or more rules within the ruleset are valid. A ruleset is only rejected if there are zero valid rules, it is too large, doesn’t have a .rules extension, or the contents match exactly with an existing ruleset. {% endhint %} {% hint style="info" %} **Please Note:** Per the [Supported Limits](https://docs.vectra.ai/deployment/match/ruleset-management-guidance#supported-limits), a Brain can support a maximum of 25 unique rulesets. A multipart form object, `rotate`, is available to make it easier to stay under this limit. Setting `rotate` to `true` will allow the Brain to delete the oldest unassigned ruleset when a 26th ruleset is attempted to be uploaded. If all rulesets are assigned to sensors or the `rotate` option is not used, when a 26th ruleset is attempted to be uploaded to the Brain, a `507` error stating `More than 25 files are currently stored by Vectra Match. Please delete any unused files and try again` will be returned. {% endhint %} #### Starting Ruleset Upload ``` POST {{baseUrl}}/vectra-match/rules/upload/ ``` Headers: ``` "Authorization": "Bearer " ``` BODY: Form data body with optional notes Request cURL Example: ``` curl --request POST \ --url https:///api/v3.3/vectra-match/rules/uploads/ \ --header 'Authorization: Bearer ' \ --header 'Content-Type: application/json' \ --data '{"file_name": "test_ruleset.rules", "notes": "This is a small test ruleset file"}' ``` Request Python Requests Example: ``` payload = {"file_name": "test_ruleset.rules", "notes": "This is a small test ruleset file"} resp = requests.post("https:///api/v3.3/vectra-match/rules/upload/", headers={"Authorization":"Bearer "}, verify=False, json=payload ``` Response Example: ``` { "urls": [ "https://dev-main-customerfiles-516347559513-uswt2.s3.amazonaws.com/saasbe4922b7385c4b44a80d9a07a6107dc2/c6fca5fa-f4c7-4dd5-a272-b081bfc2c69c?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAXQOFWPZMXYQNAUGR%2F20240624%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20240624T174433Z&X-Amz-Expires=120&X-Amz-SignedHeaders=host&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEAIaCXVzLXdlc3QtMiJIMEYCIQDVix4tkVO4NSMvVv5nGmEr9gVgScUtWSKSlr9TZ0BSQgIhAJDIILH584Lgwn5%2FtfKbon2FirvSydQurcRR1Qtif%2Bx5KuQCCKv%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQAhoMNTE2MzQ3NTU5NTEzIgwDUIS%2Bbw2MaKvtiyIquAJw4iQYvaZCezdeZA875orf%2Fz6s93fzxy7xmwu7XmhGU9kkr9kyWyTBjJ3qzvwMbCLku0NNTrbZGpHlqLWvrJxNRIhbdN0IhBfS84nW5sAPGQvU6JJs9bpvRNphLK%2BXtwVpDk3TCn6AmSUinm5nDYfm0u0%2Bjxi%2BkUPjKyn%2BtPENGqTKb3RbDpCJWcor7mlt3WXJVM4%2Be8wO53cOAriJYzj%2Frtf5lD4QyXvnX2WW1K%2FYU8eBMALSkRCeZj3EkA0b7bhnttYk4sN9VyXTuPh6TGTZkF3D3B9y%2FSdrP%2FSEIDJM0UdnWI%2BQhV7OlNQbIDxWh0Csuxh14EwBiRNpK%2FW1y9lBFJNzSNr0VgK7BHMxGj%2F9M42Ya3EMjtPHCNUqyiZZ6MyxXIO4pKpjhArTsw%2B9jhJfv%2FrnXZqEVaYwgeHmswY6nAHjAZwA1xPryPchf95xX1hp2fgH3fsnRTiCrj5bkfwGSBEJiYBAUsXmDezrM8v2XxePLJn1gtJFHhemqT2PXhJufXNOZCScDkDFx0fBMUMfeOV1EMhoGJI4Nl%2BjPnbFl9LL8V1R8SjeBDECPoi328w0rBrG77%2FjbXF%2F%2FRSnTLlqzizpa1Tp6yzPOPgImCMyo60An%2Fgb9knB2GHwztY%3D&X-Amz-Signature=3623137532a343ccd24f9a6a2f0f032196fb6d12aa489fefd807685b4e43d5a6" ], "id": "c6fca5fa-f4c7-4dd5-a272-b081bfc2c69c" } ``` #### Uploading the Ruleset ``` PUT ``` Request cURL Example: ``` curl --request PUT \ --url '' \ --upload-file valid_rules.rules ``` Request Python Requests Example: ``` payload = open('./your-file.rules', 'rb') resp = requests.request("PUT", upload-url-from-post, data=payload) ``` Response: ``` Status code: 200 ``` #### Mark Ruleset Upload as Complete Use the ID that was returned from the earlier POST ``` PATCH {{baseUrl}}/vectra-match/rules/upload/ ``` Headers: ``` "Authorization": "Bearer " ``` Required Request JSON Body: ``` {"upload_status": "completed"} ``` Response: ``` { "upload_status": "completed" } ``` #### Confirm Sync of Ruleset to Brain Appliance ``` POST {{baseUrl}}/vectra-match/rules/upload/ ``` Headers: ``` "Authorization": "Bearer " ``` Response: ``` { "id": "c6fca5fa-f4c7-4dd5-a272-b081bfc2c69c", "upload_status": "completed", "external_task_status": "success", "external_task_updated_at": "2024-06-24T17:48:47Z", "external_task_error": "", "external_task_error_code": null } ``` #### Find the UUID of the Ruleset Use the ID that was returned from the earlier POST ``` GET {{baseUrl}}/vectra-match/assignment ``` Headers: ``` "Authorization": "Bearer " ``` Search the output for your filename (using the timestamp may help) and when you find it, the `uuid` that corresponds to the ruleset (now that it is on the Brain appliance) should be used moving forward. Below you will see a portion of the full output of the `GET` to the `/assignment` endpoint and the `uuid` (on 3rd line) that should be used. ``` "rules_to_devices_map": [ { "uuid": "17bafcf9-5794-4942-81c8-c0f8e29a9b8c", "name": "test_ruleset.rules", "device_serials": [], "notes": "This is a small test ruleset file", "hashsum": "fe67ddc7eacc326be9dd1713ce442cd570a833404e6f2a43d6b7f3882d628298", "timestamp": "2024-06-24T17:48:48.782517+00:00" }, ``` ### **Upload and validate a new ruleset (v2.5 QUX deployments only)** While waiting for device activation, we can upload a ruleset to the Brain for later assignment to the device. To upload a new ruleset, make a `POST` request to the `rules` endpoint. Examples using cURL and Python Requests are shown below. Using Postman (collection available at [Vectra Postman collection](https://www.postman.com/vectra-internal/workspace/vectra-ai/collection/7429442-509c593b-8de4-4aa3-ac05-e07934eb9f17)) or another similar tool allows a GUI selection of the file to supply the form data body. It is recommended to use the optional notes field within the request to describe rulesets so that rulesets are more easily distinguishable. {% hint style="info" %} **Please Note:** After a successful upload, the ruleset is given a unique UUID that is shown on the last line of the response example. The UUID will be used from this point on to reference this file when interacting with the Match API. During the upload process, the ruleset will be validated. If the ruleset fails validation, a 422 error with details will be returned. {% endhint %} {% hint style="info" %} **Please Note:** A ruleset is accepted when one or more rules within the ruleset are valid. A ruleset is only rejected if there are zero valid rules, it is too large, doesn’t have a .rules extension, or the contents match exactly with an existing ruleset. {% endhint %} {% hint style="info" %} **Please Note:** Per the [Supported Limits](https://docs.vectra.ai/deployment/match/ruleset-management-guidance#supported-limits), a Brain can support a maximum of 25 unique rulesets. A multipart form object, `rotate`, is available to make it easier to stay under this limit. Setting `rotate` to `true` will allow the Brain to delete the oldest unassigned ruleset when a 26th ruleset is attempted to be uploaded. If all rulesets are assigned to sensors or the `rotate` option is not used, when a 26th ruleset is attempted to be uploaded to the Brain, a `507` error stating `More than 25 files are currently stored by Vectra Match. Please delete any unused files and try again` will be returned. {% endhint %} ``` POST {{baseUrl}}/vectra-match/rules ``` BODY: Form data body with optional notes Request cURL Example: ``` curl --header "Authorization: Token " -F rotate=true file=@valid_rules.rules -F notes="This is a sample note to accompany the rules file" https://{{baseURL}}/api/v2.5/vectra-match/rules ``` Request Python Requests Example: ``` resp = requests.post("https://{{baseURL}}/api/v2.5/vectra-match/rules", headers={"Authorization":"Token "}, files={"file":open("valid_rules.rules","rb")}, data={"notes":"This is a sample note to accompany the rules file", “rotate”:”true”}) ``` Response Example: ``` { "device_serials": [], "hashsum": "f05e73e0aba3e99f4d23e9c899f9332bbba40fca8e0b0ebc77e253f24a876377", "name": "emerging-all.rules", "notes": "This is a sample note to accompany the rules file", "timestamp": "2023-03-09T16:16:48.418373+00:00", "uuid": "44eb3179-ce63-401f-a481-94daa57e8b80" } ``` As you can see in the first line of the response example, the ruleset has not been assigned to any devices yet. ### Add a ruleset assignment to various devices Now that we have a valid ruleset, we can assign this ruleset to our device by making a `POST` request to the `assignment` endpoint. Please note that this operation supports assigning a ruleset to any number of devices with one API call. The first example below is for our example deployment with one device, the second example shows how this would work for multiple device assignment in a single API call. The assignment process will copy the ruleset to the device and Match will begin processing rules against observed traffic after a short delay for automated service restarts. ``` POST {{baseUrl}}/vectra-match/assignment ``` cURL Request Example: ``` curl -X POST https://{{baseURL}}/api/v2.5/vectra-match/assignment --header "Authorization: Token " -H 'Content-Type: application/json' -H 'Accept: application/json' -d '{"uuid":"44eb3179-ce63-401f-a481-94daa57e8b80", "device_serials":[" V421f68411bad268b6ead7c47f5ed4fed"]}' ``` BODY: ``` { "uuid": "44eb3179-ce63-401f-a481-94daa57e8b80", "device_serials": [ "V421f68411bad268b6ead7c47f5ed4fed" ] } ``` BODY Example from OpenAPI document showing multiple device assignment: ``` { "uuid": "6aea451c-4156-4ac6-bbeb-c9e0b16b1da5", "device_serials": [ "U12312300000123", "U12312300000456", "U12312300000789" ] } ``` Response Example: ``` { "details": "Vectra Match ruleset: 44eb3179-ce63-401f-a481-94daa57e8b80 has been assigned to: ['V421f68411bad268b6ead7c47f5ed4fed']" } ``` ### Retrieve all existing mappings between rulesets and devices To see all ruleset assignments, simply make a `GET` request to the `assignment` endpoint. ``` GET {{baseUrl}}/vectra-match/assignment ``` cURL Request Example: ``` curl --header "Authorization: Token " https://{{baseURL}}/api/v2.5/vectra-match/assignment ``` Response Example: ``` { "device_to_rules_map": [ { "device_serial": "V421f68411bad268b6ead7c47f5ed4fed", "rules": [ "44eb3179-ce63-401f-a481-94daa57e8b80" ], "updated_by": "admin", "timestamp": "2023-03-09T16:28:22.930761+00:00" } ], "rules_to_devices_map": [ { "uuid": "44eb3179-ce63-401f-a481-94daa57e8b80", "name": "emerging-all.rules", "device_serials": [ "V421f68411bad268b6ead7c47f5ed4fed" ], "notes": "This is a sample note to accompany the rules file", "hashsum": "f05e73e0aba3e99f4d23e9c899f9332bbba40fca8e0b0ebc77e253f24a876377", "timestamp": "2023-03-09T16:28:26.746874+00:00" } ] } ``` ### Delete a ruleset To delete a ruleset, make a `DELETE` request to the `rules` endpoint with the ruleset `uuid` in the body of the request. Please note that when deleting a ruleset, any corresponding assignments are also removed. ``` DELETE {{baseUrl}}/vectra-match/rules ``` cURL Request Example: ``` curl -X DELETE https://{{baseURL}}/api/v2.5/vectra-match/rules --header "Authorization: Token " -H 'Content-Type: application/json' -H 'Accept: application/json' -d '{"uuid":"}' ``` Body Example: ``` { "uuid": "44eb3179-ce63-401f-a481-94daa57e8b80" } ``` Example Response: ``` { "details": "success" } ``` ### Delete a ruleset assignment To delete a ruleset assignment, make a `DELETE` request to the `assignment` endpoint with the `uuid` and `device_serial` in the body of the request: ``` DELETE {{baseUrl}}/vectra-match/assignment ``` cURL Request Example: ``` curl -X DELETE https://{{baseURL}}/api/v2.5/vectra-match/assignment --header "Authorization: Token " -H 'Content-Type: application/json' -H 'Accept: application/json' -d '{"uuid":"", "device_serial":""}' ``` Body Example: ``` { "uuid": "6aea451c-4156-4ac6-bbeb-c9e0b16b1da5", "device_serial": "U12312300000123" } ``` Example Response: ``` { "details" : "success" } ``` ### Download the Vectra Match Curated Ruleset (v3.3 RUX only) To download the [Vectra Match Curated Ruleset](https://docs.vectra.ai/deployment/match/ruleset-management-guidance#vectra-match-curated-ruleset), make a `GET` request to the `download-vectra-ruleset` endpoint. * This will return a URL that is valid for 2 minutes that can be used to download the curated ruleset. ``` GET {{baseUrl}}/vectra-match/download-vectra-ruleset ``` Example Response: ``` { "download_url": "https://custom_temporary_url_will_be_given.s3.amazonaws.com/common/match/curated.rules?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAXQOFWPZMYDCGRGG5%2F20240906%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20240906T155425Z&X-Amz-Expires=120&X-Amz-SignedHeaders=host&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEPD%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLXdlc3QtMiJHMEUCIQCGVD6PZa%2FzxnF0DAXtEc4Tfu1NtYA9ZclQMt%2BZMYGQqwIgPmBK1CoG2y2M8JA7lWenyP45wlJuzKH4Th%2B1vdGRnPIq2wIIGRACGgw1MTYzNDc1NTk1MTMiDHLyN%2F4l6Fh6tAJ%2Fsyq4AhvGcH9mJwtSgUyfVMcR4biYiGgcdfebX6KxBk6z3ewtFelXXL0Bu%2Btd4DMH3R6duH1IDZV7d8cjJSfWuvvtbmlnXvr2YC96gHSOBWpIvOEsYyZZed0gnwcYGq40ViA%2Bs2orGAyfsUrjFkdaijykiZaDJE3mJcAxQsOQ4Aon6AZ2qQMGOpwYVM7g1QzIBVBNemr9h1PYo81779zK7lrVmXSloj1ObpUHxme4bU74k98I0JdrdUy199bHq%2FbYmQi3Yd1gw60hVdgPtv5BBTw64mHX2HLzxACkyQaR9%2B3KzJWwEdOD26SI7UOnshCeZdtQxN89SHcuirfekyudcjaQrg3AuCDievh5MlVoMPGV97BSIO1uVQd9D0TACLXq5nXYFM41WLUcII8UDCW%2BKH6gua48fzPfdkGkFzCxy%2By2BjqdARm%2F1zbiIzDaz72vzIeWnJVn%2BvoS6UggMfALL4c1rBLd2zKe2qeZ%2Fy%2F%2BK7%2FjceruDY3mi13N93olrfUJu6%2F8pYJrmmRIDssBS3MU%2BujfFM5ScjqOXqzTPVBXNbTng9E%2Fao%2BsEOYz2qFxO6%2BdFJIgAe2c8BReMI0fsmQrT0VUfGBnORRtbpRX5RFQd%2Fn1rZacYWMsFmpqN7wM52JFkuo%3D&X-Amz-Signature=d96f3ee7bbbc01e720da908548ca7fa10fa1c9f046a7104e16c22f06b25e47e7" } ``` To Download the File: * Another `GET` could be used to stream the contents of the curated.rules file * Or a simple `cURL` or `WGET` could be used. cURL example below: ``` curl -O https://custom_temporary_url_will_be_given.s3.amazonaws.com/URL_truncated_for_example_brevity % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 55.8M 100 55.8M 0 0 6049k 0 0:00:09 0:00:09 --:--:-- 5047k ``` ### Download the Vectra Match Curated Ruleset (v2.5 QUX only) To download the [Vectra Match Curated Ruleset](https://docs.vectra.ai/deployment/match/ruleset-management-guidance#vectra-match-curated-ruleset), make a `GET` request to the `download-vectra-ruleset` endpoint. ``` GET {{baseUrl}}/vectra-match/download-vectra-ruleset ``` When using Postman, you can just use the **Send and Download** option instead of the normal **Send** button. cURL Request Example: ``` curl -o curated.rules --header "Authorization: Token " --insecure https:///api/v2.5/vectra-match/download-vectra-ruleset ``` Response: You will receive a `Status Code: 200` and the call will stream the contents of `curated.rules` file