API Reference

Create a new Livehunt ruleset

post
https://www.virustotal.com/api/v3/intelligence/hunting_rulesets

This endpoint creates a new VT Hunting Livehunt ruleset. The request's body must have the following structure:

{
  "data": {
    "type": "hunting_ruleset",
    "attributes": {
      "name": "foobar",
      "enabled": true,
      "limit": 100,
      "rules": "rule foobar { strings: $ = \"foobar\" condition: all of them }",
      "notification_emails": ["[email protected]", "[email protected]"],
      "match_object_type": "file"
    }
  }
}

Use the match_object_type to specify the expected entity kind to match with this ruleset. Allowed values are file, url, domain and ip.

The name and rules attributes are required, the remaining ones are optional.

{
  "type": "hunting_ruleset",
  "id": "{id}",
  "links": {
    "self": "https://www.virustotal.com/api/v3/intelligence/hunting_ruleset/{id}"
  },
  "data": {
    "attributes": {
      "name": "foobar",
      "enabled": true,
      "limit": 100,
      "creation_date": 1521016318,
      "modification_date": 1521016318,
      "number_of_rules": 1,
      "rules": "rule foobar { strings: $ = \"foobar\" condition: all of them }",
      "notification_emails": ["[email protected]"],
      "match_object_type": "file"
    }
  }
}
Body Params
json
required
Defaults to { "type": "hunting_ruleset", "attributes": { "name": "Test ruleset", "enabled": true, "limit": 100, "rules": "rule foobar { strings: $ = \"foobar\" condition: all of them }", "notification_emails": [], "match_object_type": "file" } }
Headers
string
required

Updated 4 months ago

Language
LoadingLoading…
Response
Click Try It! to start a request and see the response here!

Updated 4 months ago