Managing Exceptions

Get all existing exceptions

URI - GET

To use this endpoint, send a GET request to get the exceptions list: /exceptions/{excType}

Request

The request includes HTTP headers (obtained in the authentication/authorization process and used to sign the request) with request string parameters.

Request Headers

Header	Type	Required	Format	Description/Sample
x-av-req-id	String	Yes	UUID – Generated and supplied on the request.	d290f1ee-6c54-4b01-90e6-d701748f085 1
Authorization	Bearer Token	Yes	Bearer <API Access Token>	A string Bearer followed by the API Access Token. See Generating API Access Token. For example, assuming that the API Access Token is 1234, the Bearer Token will be Bearer 1234

Header

Type

Required

Format

Description/Sample

x-av-req-id

String

Yes

UUID – Generated and supplied on the request.

d290f1ee-6c54-4b01-90e6-d701748f085 1

Authorization

Bearer Token

Yes

Bearer <API Access Token>

A string Bearer followed by the API Access Token. See Generating API Access Token.

For example, assuming that the API Access Token is 1234, the Bearer Token will be Bearer 1234

Request String Parameters

Parameter	Type	Required	Format	Description/Sample
excType	String	Yes		Exception type: Whitelist Blacklist

Parameter

Type

Required

Format

Description/Sample

excType

String

Yes

Exception type:

Whitelist
Blacklist

Request Body

Not applicable for GET method.

Request sample (CURL) format

This request sample shows URI base in USA region. For URI base in other regions, see URLs and URL Base.

Copy

curl -X GET -H "Accept: application/json" \
    -H “"-av-req-id: d290f1ee-6c54-4b01-90e6-d701748f0851" \
    -H "Authorization: Bearer 2462b23346ab0642b65d7d094aca5fb4c29fd96d0468deceae2704d258e81497" \
    https://cloudinfra-gw-us.portal.checkpoint.com/app/hec-api/v1.0/exceptions/whitelist

Response

The response obtained from the service includes an HTTP response code and JSON formatted structure.

Response Structure

A valid response obtained from the service (JSON format):

Copy

[{
    "entityId": "string",
    "attachmentMd5": "string",
    "senderEmail": "string", 
    "senderName": "string", 
    "recipient": "string", 
    "senderClientIp": "string", 
    "senderDomain": "string", 
    "senderIp": "string", 
    "linkDomains": "string",
    "subject": "string",
    "comment": "string", 
    "actionNeeded": "string",
    "matchOnlyFuture": "string",
    "quarantineAll": "string", 
    "ignoringSpfCheck": "boolean", 
    "subjectMatching": "string", 
    "linkDomainMatching": "string",
    "senderNameMatching": "string",
    "senderDomainMatching": "string",
    "senderEmailMatching": "string",
    "recipientMatching": "string", 
    "addedBy": "integer",
    "editedBy": "integer", 
    "updateTime": "string"
}]

Response Parameters

The response parameters:

Parameter		Type	Description
responseEnvelope		Object	A container of metadata properties
	requestId	String	Request ID (from the request header x-av-req-id value)
	responseCode	Integer	0 = Success Other values = Failure
	responseTest	String	The text value of the response
	additionalText	String	Additional information
	recordsNumber	Integer	Number of records in response
	totalRecordsNumber	Integer	Total number of records
	scrollId	String	Unique ID used for scrolling
responseData		Object	Array of exception entities
	entityId	String	Entity ID
	attachmentMd5	String	Attachment MD5 hash
	senderEmail	String	Sender's email
	senderName	String	Sender's name
	recipient	String	Recipient
	senderClientIp	String	Sender client IP
	senderDomain	String	Sender domain
	senderIp	String	Sender IP
	linkDomains	String	Link to domains
	subject	String	Subject
	comment	String	Exception comment
	actionNeeded	String	Detection type that would be generated by the rule: spam phishing Note - This parameter applies only to Blacklist.
	subjectMatching	String	Subject matching type: contains match
	linkDomainMatching	String	Link to domains matching type: contains match
	senderNameMatching	String	Sender name matching type: contains match
	senderDomainMatching	String	Sender domain matching type: endswith match
	recipientMatching	String	Recipient matching type: contains match

Response Sample

A valid response from the service:

Copy

{
    "responseEnvelope": 
    {
        "requestId": "07070caa-b73a-4125-820d-8509d83e004e", 
        "responseCode": 200,
        "responseText": "",
        "additionalText": "", 
        "recordsNumber": 1, 
        "scrollId": ""
    },
    "responseData": [
    {
        "entityId": "121775995", 
        "attachmentMd5": null,
        "senderEmail": "user@email.com", 
        "senderName": null,
        "recipient": null,
        "senderClientIp": null,
        "senderDomain": null,
        "senderIp": null, 
        "linkDomains": null,
        "subject": "AUT-phish-prod3-17-_200923_23_11_3",
        "comment": "",
        "actionNeeded": "", 
        "matchOnlyFuture": "",
        "quarantineAll": null, 
        "ignoringSpfCheck": false,
        "subjectMatching": "contains", 
        "linkDomainMatching": null,
        "senderNameMatching": "", 
        "senderDomainMatching": "", 
        "senderEmailMatching": "",
        "recipientMatching": "", 
        "addedBy": "5",
        "editedBy": null,
        "updateTime": "2020-09-25T21:54:17.706787"
    }
    ]
}