Managing Exceptions

Get all existing exceptions

URI - GET

To use this endpoint, send a GET request to get the exceptions list: /exceptions/{excType}

Request

The request includes HTTP headers (obtained in the authentication/authorization process and used to sign the request) with request string parameters.

Request Headers

Header	Type	Required	Format	Description/Sample
x-av-req-id	String	Yes	UUID – Generated and supplied on the request.	d290f1ee-6c54-4b01-90e6-d701748f085 1
Authorization	Bearer Token	Yes	Bearer <API Access Token>	A string Bearer followed by the API Access Token. See Generating API Access Token. For example, assuming that the API Access Token is 1234, the Bearer Token will be Bearer 1234

Header

Type

Required

Format

Description/Sample

x-av-req-id

String

Yes

UUID – Generated and supplied on the request.

d290f1ee-6c54-4b01-90e6-d701748f085 1

Authorization

Bearer Token

Yes

Bearer <API Access Token>

A string Bearer followed by the API Access Token. See Generating API Access Token.

For example, assuming that the API Access Token is 1234, the Bearer Token will be Bearer 1234

Request String Parameters

Parameter	Type	Required	Format	Description/Sample
excType	String	Yes		Exception type: Whitelist Blacklist

Parameter

Type

Required

Format

Description/Sample

excType

String

Yes

Exception type:

Whitelist
Blacklist

Request Body

Not applicable for GET method.

Request sample (CURL) format

This request sample shows URI base in USA region. For URI base in other regions, see URLs and URL Base.

Copy

curl -X GET -H "Accept: application/json" \
    -H “"-av-req-id: d290f1ee-6c54-4b01-90e6-d701748f0851" \
    -H "Authorization: Bearer 2462b23346ab0642b65d7d094aca5fb4c29fd96d0468deceae2704d258e81497" \
    https://cloudinfra-gw-us.portal.checkpoint.com/app/hec-api/v1.0/exceptions/whitelist

Response

The response obtained from the service includes an HTTP response code and JSON formatted structure.

Response Structure

A valid response obtained from the service (JSON format):

Copy

[{
    "entityId": "string",
    "attachmentMd5": "string",
    "senderEmail": "string", 
    "senderName": "string", 
    "recipient": "string", 
    "senderClientIp": "string", 
    "senderDomain": "string", 
    "senderIp": "string", 
    "linkDomains": "string",
    "subject": "string",
    "comment": "string", 
    "actionNeeded": "string",
    "matchOnlyFuture": "string",
    "quarantineAll": "string", 
    "ignoringSpfCheck": "boolean", 
    "subjectMatching": "string", 
    "linkDomainMatching": "string",
    "senderNameMatching": "string",
    "senderDomainMatching": "string",
    "senderEmailMatching": "string",
    "recipientMatching": "string", 
    "addedBy": "integer",
    "editedBy": "integer", 
    "updateTime": "string"
}]

Response Parameters

The response parameters:

Parameter		Type	Description
responseEnvelope		Object	A container of metadata properties.
	requestId	String	Unique identifier for the event.
	responseCode	Integer	Status code HTTP API code response.
	responseTest	String	Human-readable message about the response status.
	additionalText	String	Additional information.
	recordsNumber	Integer	Number of records found.
	totalRecordsNumber	Integer	Total number of records
	scrollId	String	Pagination id to get next batch of records.
responseData		Object	Array of exception entities.
	entityId	String	Unique identifier for the entity.
	attachmentMd5	String	MD5 hash of the attachment, if present.
	senderEmail	String	Email address of the sender.
	senderName	String	Display name of the sender.
	recipient	String	Recipient's email address.
	senderClientIp	String	IP address of the sender's client.
	senderDomain	String	Domain of the sender's email address.
	senderIp	String	IP address of the sender.
	linkDomains	String	Comma-separated list of domains found in email links.
	subject	String	Subject line of the email.
	comment	String	Comment added by the creator of the exception.
	actionNeeded	String	Any action that needs to be taken.
	ignoringSpfCheck	Boolean	Indicates if SPF check was ignored.
	subjectMatching	String	Information about subject matching criteria.
	linkDomainMatching	String	Information about matching of link domains.
	senderNameMatching	String	Information about sender name matching.
	senderDomainMatchi ng	String	Information about sender domain matching.
	senderEmailMatching	String	Information about sender email matching.
	recipientMatching	String	Information about recipient matching.
	addedBy	String	User who added this entry.
	editedBy	String	User who last edited this entry.
	updateTime	String	Timestamp of the last update.

Response Sample

A valid response from the service:

Copy

{
    "responseEnvelope": 
    {
        "requestId": "07070caa-b73a-4125-820d-8509d83e004e", 
        "responseCode": 200,
        "responseText": "",
        "additionalText": "", 
        "recordsNumber": 1, 
        "scrollId": ""
    },
    "responseData": [
    {
        "entityId": "121775995", 
        "attachmentMd5": null,
        "senderEmail": "user@email.com", 
        "senderName": null,
        "recipient": null,
        "senderClientIp": null,
        "senderDomain": null,
        "senderIp": null, 
        "linkDomains": null,
        "subject": "AUT-phish-prod3-17-_200923_23_11_3",
        "comment": "",
        "actionNeeded": "", 
        "matchOnlyFuture": "",
        "quarantineAll": null, 
        "ignoringSpfCheck": false,
        "subjectMatching": "contains", 
        "linkDomainMatching": null,
        "senderNameMatching": "", 
        "senderDomainMatching": "", 
        "senderEmailMatching": "",
        "recipientMatching": "", 
        "addedBy": "5",
        "editedBy": null,
        "updateTime": "2020-09-25T21:54:17.706787"
    }
    ]
}