post https://www.virustotal.com/api/v3/intelligence/hunting_rulesets
This endpoint creates a new Google Threat Intelligence Hunting Livehunt ruleset. The request's body must have the following structure:
{
"data": {
"type": "hunting_ruleset",
"attributes": {
"name": "foobar",
"enabled": true,
"limit": 100,
"rules": "rule foobar { strings: $ = \"foobar\" condition: all of them }",
"notification_emails": ["wcoyte@acme.com", "rrunner@acme.com"],
"match_object_type": "file"
}
}
}
Use the match_object_type to specify the expected entity kind to match with this ruleset. Allowed values are file, url, domain and ip.
The name and rules attributes are required, the remaining ones are optional.
{
"type": "hunting_ruleset",
"id": "{id}",
"links": {
"self": "https://www.virustotal.com/api/v3/intelligence/hunting_ruleset/{id}"
},
"data": {
"attributes": {
"name": "foobar",
"enabled": true,
"limit": 100,
"creation_date": 1521016318,
"modification_date": 1521016318,
"number_of_rules": 1,
"rules": "rule foobar { strings: $ = \"foobar\" condition: all of them }",
"notification_emails": ["notifications@acme.com"],
"match_object_type": "file"
}
}
}