Managing Exceptions
Get all existing exceptions
URI - GET
To use this endpoint, send a GET request to get the exceptions list: /exceptions/{excType}
Request
The request includes HTTP headers (obtained in the authentication/authorization process and used to sign the request) with request string parameters.
Request Headers
Header |
Type |
Required |
Format |
Description/Sample |
---|---|---|---|---|
x-av-req-id |
String |
Yes |
UUID – Generated and supplied on the request. |
d290f1ee-6c54-4b01-90e6-d701748f085 1 |
Authorization |
Bearer Token |
Yes |
Bearer <API Access Token> |
A string Bearer followed by the API Access Token. See Generating API Access Token. For example, assuming that the API Access Token is 1234, the Bearer Token will be Bearer 1234 |
Request String Parameters
Parameter |
Type |
Required |
Format |
Description/Sample |
---|---|---|---|---|
excType |
String |
Yes |
|
Exception type:
|
Request Body
Not applicable for GET method.
Request sample (CURL) format
This request sample shows URI base in USA region. For URI base in other regions, see URLs and URL Base.
curl -X GET -H "Accept: application/json" \
-H “"-av-req-id: d290f1ee-6c54-4b01-90e6-d701748f0851" \
-H "Authorization: Bearer 2462b23346ab0642b65d7d094aca5fb4c29fd96d0468deceae2704d258e81497" \
https://cloudinfra-gw-us.portal.checkpoint.com/app/hec-api/v1.0/exceptions/whitelist
Response
The response obtained from the service includes an HTTP response code and JSON formatted structure.
Response Structure
A valid response obtained from the service (JSON format):
[{
"entityId": "string",
"attachmentMd5": "string",
"senderEmail": "string",
"senderName": "string",
"recipient": "string",
"senderClientIp": "string",
"senderDomain": "string",
"senderIp": "string",
"linkDomains": "string",
"subject": "string",
"comment": "string",
"actionNeeded": "string",
"matchOnlyFuture": "string",
"quarantineAll": "string",
"ignoringSpfCheck": "boolean",
"subjectMatching": "string",
"linkDomainMatching": "string",
"senderNameMatching": "string",
"senderDomainMatching": "string",
"senderEmailMatching": "string",
"recipientMatching": "string",
"addedBy": "integer",
"editedBy": "integer",
"updateTime": "string"
}]
Response Parameters
The response parameters:
Parameter |
Type |
Description |
|
---|---|---|---|
responseEnvelope |
Object |
A container of metadata properties |
|
|
requestId |
String |
Request ID (from the request header x-av-req-id value) |
|
responseCode |
Integer |
0 = Success Other values = Failure |
|
responseTest |
String |
The text value of the response |
|
additionalText |
String |
Additional information |
|
recordsNumber |
Integer |
Number of records in response |
|
totalRecordsNumber |
Integer |
Total number of records |
|
scrollId |
String |
Unique ID used for scrolling |
responseData |
Object |
Array of exception entities |
|
|
entityId |
String |
Entity ID |
|
attachmentMd5 |
String |
Attachment MD5 hash |
|
senderEmail |
String |
Sender's email |
|
senderName |
String |
Sender's name |
|
recipient |
String |
Recipient |
|
senderClientIp |
String |
Sender client IP |
|
senderDomain |
String |
Sender domain |
|
senderIp |
String |
Sender IP |
|
linkDomains |
String |
Link to domains |
|
subject |
String |
Subject |
|
comment |
String |
Exception comment |
|
actionNeeded |
String |
Detection type that would be generated by the rule:
Note - This parameter applies only to Blacklist. |
|
subjectMatching |
String |
Subject matching type:
|
|
linkDomainMatching |
String |
Link to domains matching type:
|
|
senderNameMatching |
String |
Sender name matching type:
|
|
senderDomainMatching |
String |
Sender domain matching type:
|
|
recipientMatching |
String |
Recipient matching type:
|
Response Sample
A valid response from the service:
{
"responseEnvelope":
{
"requestId": "07070caa-b73a-4125-820d-8509d83e004e",
"responseCode": 200,
"responseText": "",
"additionalText": "",
"recordsNumber": 1,
"scrollId": ""
},
"responseData": [
{
"entityId": "121775995",
"attachmentMd5": null,
"senderEmail": "user@email.com",
"senderName": null,
"recipient": null,
"senderClientIp": null,
"senderDomain": null,
"senderIp": null,
"linkDomains": null,
"subject": "AUT-phish-prod3-17-_200923_23_11_3",
"comment": "",
"actionNeeded": "",
"matchOnlyFuture": "",
"quarantineAll": null,
"ignoringSpfCheck": false,
"subjectMatching": "contains",
"linkDomainMatching": null,
"senderNameMatching": "",
"senderDomainMatching": "",
"senderEmailMatching": "",
"recipientMatching": "",
"addedBy": "5",
"editedBy": null,
"updateTime": "2020-09-25T21:54:17.706787"
}
]
}