Update Blocked Lists | Trend Micro Service Central

Adds or removes senders, URLs, SHA-1 hash values, and/or SHA-256 hash values to or from the blocked lists on Cloud App Security.

HTTPS Request

POST https://<serviceURL>/v1/remediation/mails

Request Parameters

Important

The request must contain the required parameters.

Parameter	Description
Required Parameter
`action_type`	Add one or multiple email senders, URLs, SHA-1 hash values, and SHA-256 hash values to or remove them from the blocked lists. Options include: create: add to the blocked lists delete: remove from the blocked lists
`rules`	Blocked sender, URL, SHA-1 hash value, and SHA-256 hash value lists to configure
Optional Parameter
`senders`	A list of sending email addresses
`urls`	A list of URLs included in email messages
`filehashes`	A list of SHA-1 hash values of email attachments
`file256hashes`	A list of SHA-256 hash values of email attachments

Note

To use this API properly, specify at least one of senders, urls, filehashes, and file256hashes. You can configure one or multiple blocked lists at a time. A maximum of 2,048 items in each list is supported.

Request Example

Example 1: add senders, URLs, SHA-1 hash values, and SHA-256 hash values to the blocked lists

POST https://<serviceURL>/v1/remediation/mails
Authorization: Bearer 1de231142eef3f83928da98dc251fbebb6cafe77
Content-Type: application/json

{
    "action_type":"create",
    "rules": {
        "senders": [
            "user1@example1.com",
            "user2@example2.com"
        ],
        "urls": ["https://test.example.com"],
        "filehashes": [
            "f3cdddb37f6a933d6a256bd98b4bc703a448c677",
            "c14bffeecbaf61516893d766e1b525bd920da077"
        ],
        "file256hashes": [
            "2eb49162d4977bd96d6918a7602b5451adfd2c498c44592574b5741b3b585fc6",
            "233dac1fdc6a5d0347b4da75a112759501abe908c75b8436769fc3c846c40767"
        ]
    }
}

Example 2: remove senders, URLs, SHA-1 hash values, and SHA-256 hash values from the blocked lists

POST https://<serviceURL>/v1/remediation/mails
Authorization: Bearer 1de231142eef3f83928da98dc251fbebb6cafe77

{
    "action_type":"delete",
    "rules": {
        "senders": [
            "user1@example1.com",
            "user2@example2.com"
        ],
        "urls": ["https://test.example.com"],
        "filehashes": [
            "f3cdddb37f6a933d6a256bd98b4bc703a448c677",
            "c14bffeecbaf61516893d766e1b525bd920da077"
        ],
        "file256hashes": [
            "2eb49162d4977bd96d6918a7602b5451adfd2c498c44592574b5741b3b585fc6",
            "233dac1fdc6a5d0347b4da75a112759501abe908c75b8436769fc3c846c40767"
        ]
    }
}

Response

On success, the service sends back an HTTP 200 response and returns a response body in JSON format; otherwise, the service sends back an error message in JSON format with error details. For more information about errors, see API Responses.

Response Example

HTTP/1.1 201
Content-Type: application/json

{
  "code": 0,
  "msg": "Add to rules successfully."
}

Response Fields

The following table describes the available fields for the response body.

Field	Data Type	Description
`code`	Integer	Result code of the request. For an HTTP 200 response, the value is fixed to 0
`message`	String	String describing the result code. For an HTTP 200 response, the value is Add rules successfully. or Delete rules successfully. You can go to the Cloud App Security management console or use the Get Blocked Lists API to view the updated blocked lists.