Managing Exceptions

Get all existing exceptions

URI - GET

To use this endpoint, send a GET request to get the exceptions list: /exceptions/{excType}

Request

The request includes HTTP headers (obtained in the authentication/authorization process and used to sign the request) with request string parameters.

Request Headers

| Header | Type | Required | Format | Description/Sample |
|---|---|---|---|---|
| x-av-req-id | String | Yes | UUID – Generated and supplied on the request. | d290f1ee-6c54-4b01-90e6-d701748f0851 |
| Authorization | Bearer Token | Yes | Bearer <API Access Token> | A string Bearer followed by the API Access Token. See Generating API Access Token. For example, assuming that the API Access Token is 1234, the Bearer Token will be Bearer 1234 |

Request String Parameters

| Parameter | Type | Required | Format | Description/Sample |
|---|---|---|---|---|
| excType | String | Yes | | Exception type: Whitelist, Blacklist |

Request Body

Not applicable for GET method.

Request sample (CURL) format

This request sample shows the URI base for the USA region. For the URI base in other regions, see URLs and URL Base.

curl -X GET -H "Accept: application/json" \
    -H "x-av-req-id: d290f1ee-6c54-4b01-90e6-d701748f0851" \
    -H "Authorization: Bearer 2462b23346ab0642b65d7d094aca5fb4c29fd96d0468deceae2704d258e81497" \
    https://cloudinfra-gw-us.portal.checkpoint.com/app/hec-api/v1.0/exceptions/whitelist

Response

The response obtained from the service includes an HTTP response code and JSON formatted structure.

Response Structure

A valid response obtained from the service (JSON format):

[{
    "entityId": "string",
    "attachmentMd5": "string",
    "senderEmail": "string",
    "senderName": "string",
    "recipient": "string",
    "senderClientIp": "string",
    "senderDomain": "string",
    "senderIp": "string",
    "linkDomains": "string",
    "subject": "string",
    "comment": "string",
    "actionNeeded": "string",
    "matchOnlyFuture": "string",
    "quarantineAll": "string",
    "ignoringSpfCheck": "boolean",
    "subjectMatching": "string",
    "linkDomainMatching": "string",
    "senderNameMatching": "string",
    "senderDomainMatching": "string",
    "senderEmailMatching": "string",
    "recipientMatching": "string",
    "addedBy": "integer",
    "editedBy": "integer",
    "updateTime": "string"
}]

Response Parameters

The response parameters:

| Parameter | | Type | Description |
|---|---|---|---|
| responseEnvelope | | Object | A container of metadata properties |
| | requestId | String | Request ID (from the request header x-av-req-id value) |
| | responseCode | Integer | 0 = Success. Other values = Failure |
| | responseText | String | The text value of the response |
| | additionalText | String | Additional information |
| | recordsNumber | Integer | Number of records in response |
| | totalRecordsNumber | Integer | Total number of records |
| | scrollId | String | Unique ID used for scrolling |
| responseData | | Object | Array of exception entities |
| | entityId | String | Entity ID |
| | attachmentMd5 | String | Attachment MD5 hash |
| | senderEmail | String | Sender's email |
| | senderName | String | Sender's name |
| | recipient | String | Recipient |
| | senderClientIp | String | Sender client IP |
| | senderDomain | String | Sender domain |
| | senderIp | String | Sender IP |
| | linkDomains | String | Link to domains |
| | subject | String | Subject |
| | comment | String | Exception comment |
| | actionNeeded | String | Detection type that would be generated by the rule: spam, phishing. Note - This parameter applies only to Blacklist. |
| | subjectMatching | String | Subject matching type: contains, match |
| | linkDomainMatching | String | Link to domains matching type: contains, match |
| | senderNameMatching | String | Sender name matching type: contains, match |
| | senderDomainMatching | String | Sender domain matching type: endswith, match |
| | recipientMatching | String | Recipient matching type: contains, match |

Response Sample

A valid response from the service:

{
    "responseEnvelope":
    {
        "requestId": "07070caa-b73a-4125-820d-8509d83e004e",
        "responseCode": 200,
        "responseText": "",
        "additionalText": "",
        "recordsNumber": 1,
        "scrollId": ""
    },
    "responseData": [
    {
        "entityId": "121775995",
        "attachmentMd5": null,
        "senderEmail": "user@email.com",
        "senderName": null,
        "recipient": null,
        "senderClientIp": null,
        "senderDomain": null,
        "senderIp": null,
        "linkDomains": null,
        "subject": "AUT-phish-prod3-17-_200923_23_11_3",
        "comment": "",
        "actionNeeded": "",
        "matchOnlyFuture": "",
        "quarantineAll": null,
        "ignoringSpfCheck": false,
        "subjectMatching": "contains",
        "linkDomainMatching": null,
        "senderNameMatching": "",
        "senderDomainMatching": "",
        "senderEmailMatching": "",
        "recipientMatching": "",
        "addedBy": "5",
        "editedBy": null,
        "updateTime": "2020-09-25T21:54:17.706787"
    }
    ]
}
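
Added example (not part of the vendor documentation): a Python sketch that builds the request headers described above and reviews a whitelist response for entries that match broadly. The helper names, the review heuristics and the sample records are assumptions of this example.

```python
import uuid

# US-region base taken from the page's curl sample; other regions differ.
BASE = "https://cloudinfra-gw-us.portal.checkpoint.com/app/hec-api/v1.0"
# Fields that tie an exception to a specific sender or file (example's choice).
ANCHORS = ("senderEmail", "senderDomain", "senderIp", "senderClientIp", "attachmentMd5")

def build_request(exc_type, token):
    """Return (url, headers) for GET /exceptions/{excType}; nothing is sent."""
    if exc_type not in ("whitelist", "blacklist"):
        raise ValueError("excType must be 'whitelist' or 'blacklist'")
    headers = {"Accept": "application/json",
               "x-av-req-id": str(uuid.uuid4()),  # fresh UUID per request
               "Authorization": f"Bearer {token}"}
    return f"{BASE}/exceptions/{exc_type}", headers

def audit_whitelist(body, request_id):
    """Map entityId -> review reasons; heuristics are this example's assumptions."""
    if body["responseEnvelope"]["requestId"] != request_id:
        raise ValueError("requestId does not echo the x-av-req-id that was sent")
    findings = {}
    for exc in body["responseData"]:
        reasons = []
        if exc.get("ignoringSpfCheck") is True:
            reasons.append("SPF check ignored")
        for key, value in exc.items():
            if key.endswith("Matching") and value in ("contains", "endswith"):
                reasons.append(f"{key}={value} (partial match)")
        if not any(exc.get(k) for k in ANCHORS):
            reasons.append("no sender or attachment constraint")
        if reasons:
            findings[exc["entityId"]] = reasons
    return findings

# Constructed sample shaped like the page's response sample (values invented).
REQ_ID = "00000000-0000-4000-8000-000000000001"
SAMPLE = {
    "responseEnvelope": {"requestId": REQ_ID, "recordsNumber": 3},
    "responseData": [
        {"entityId": "1", "senderEmail": "billing@example.com", "senderEmailMatching": "match"},
        {"entityId": "2", "senderDomain": "example.org",
         "senderDomainMatching": "endswith", "ignoringSpfCheck": True},
        {"entityId": "3", "subject": "invoice", "subjectMatching": "contains"},
    ],
}

if __name__ == "__main__":
    for entity, why in audit_whitelist(SAMPLE, REQ_ID).items():
        print(entity, "->", "; ".join(why))
```

Pass the x-av-req-id value from the headers returned by build_request as request_id, so a response that does not echo it is rejected before any entry is reviewed.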