Will Chronicle API (dataplane api) support curated rule exclusions?

Question

Just curious if anyone has any word on if the dataplane api will eventually support exclusion creation for curated rules:

I see this type in the documentation, but not any endpoint that accepts or returns its:

https://cloud.google.com/chronicle/docs/reference/rest/v1alpha/DetectionExclusionApplication

Maybe this was accidentally added but the support is planned?

What i'm trying to do:

Programatically add/remove an exclusion for a rule name. (in ui, you would go to Detections > Rule & Detections > Exclusions Tab > Create Rule Exclusion > (fill in details) -> Create Exclusion

Thanks!

\\- Mike

hzmndt · Accepted Answer

@mwisener

Refer to this script -> https://github.com/chronicle/detection-rules/blob/main/tools/content_manager/content_manager/rule_exclusions.py

You can use the API to manage the curated rule exclusions.

https://cloud.google.com/chronicle/docs/reference/rest#rest-resource:-v1alpha.projects.locations.instances.findingsrefinements

mwisener · Answer

Amazing, thanks much @hzmndt! I'll dig into this.

Reply

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded