post https://www.virustotal.com/api/v3/intelligence/hunting_rulesets
This endpoint creates a new Google Threat Intelligence Hunting Livehunt ruleset. The request's body must have the following structure:
{
"data": {
"type": "hunting_ruleset",
"attributes": {
"name": "foobar",
"enabled": true,
"limit": 100,
"rules": "rule foobar { strings: $ = \"foobar\" condition: all of them }",
"notification_emails": ["[email protected]", "[email protected]"],
"match_object_type": "file"
}
}
}
Use the match_object_type
to specify the expected entity kind to match with this ruleset. Allowed values are file
, url
, domain
and ip
.
The name
and rules
attributes are required, the remaining ones are optional.
{
"type": "hunting_ruleset",
"id": "{id}",
"links": {
"self": "https://www.virustotal.com/api/v3/intelligence/hunting_ruleset/{id}"
},
"data": {
"attributes": {
"name": "foobar",
"enabled": true,
"limit": 100,
"creation_date": 1521016318,
"modification_date": 1521016318,
"number_of_rules": 1,
"rules": "rule foobar { strings: $ = \"foobar\" condition: all of them }",
"notification_emails": ["[email protected]"],
"match_object_type": "file"
}
}
}