postuploadcustomdetectionhashlist

The postuploadcustomdetectionhashlist operation handles configuration related to the FileUploadStatus model.

Description

This API call is not allowed on the standby unit in an HA pair.

If a file is added to this list, the system treats it as if the AMP cloud assigned a malware disposition. If a file has a disposition in the AMP cloud that you know to be incorrect, you can add the file’s SHA-256 value to a file list that overrides the disposition from the cloud. To treat a file as if the AMP cloud assigned a malware disposition, add the file to the custom detection list.

You can add multiple SHA-256 values to a Custom Detection List file by uploading a comma-separated value (CSV) source file containing a list of SHA-256 values and descriptions. The Custom Detection List file must be a simple text file with a .csv file name extension. Any header must start with a pound sign (#); it is treated as a comment and not uploaded. The system ignores any additional information in the entry.

Note the following:
1. Deleting a Custom Detection List file from the file list also removes all associated SHA-256 hashes from the file list.
2. You cannot upload a Custom Detection List file if the upload would bring the SHA-256 count to more than 10000 values.
3. The system truncates descriptions exceeding 256 characters to the first 256 characters on upload. If the description contains commas, you must use an escape character (\,).
4. If a Custom Detection List file contains a SHA-256 value and you upload a Custom Detection List file containing that value, the newly uploaded value does not modify the existing SHA-256 value. When viewing captured files, file events, or malware events related to the SHA-256 value, any threat name or description is derived from the individual SHA-256 value.
5. You cannot directly edit a Custom Detection List file. To make changes, you must first modify your Custom Detection List file directly, delete the copy on the system, then upload the modified Custom Detection List file.
6. The number of entries associated with a Custom Detection List file refers to the total number of SHA-256 values. If you delete a Custom Detection List file from a Custom Detection List file list, the total number of SHA-256 entries the file list contains decreases by the number of entries in the Custom Detection List file.
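
A pre-upload check for the source CSV, as an added example (not Cisco's or the module's own code). It assumes each row is `sha256,description`, that a comma is escaped by a backslash before it, and that `existing_count` (a hypothetical parameter) is the number of values already on the list; the sample rows are constructed.

```python
import hashlib
import re

MAX_HASHES = 10000   # upload is refused if the list would exceed this count
MAX_DESC = 256       # longer descriptions are truncated on upload
SHA256_RE = re.compile(r"[0-9a-fA-F]{64}")
FIELD_SPLIT = re.compile(r"(?<!\\),")   # assumption: "\," is an escaped comma

def lint_hash_list(text, existing_count=0):
    """Return (hashes, problems) for the text of a Custom Detection List CSV."""
    hashes, problems, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):   # header lines are comments
            continue
        fields = FIELD_SPLIT.split(line)
        digest = fields[0].strip().lower()
        if not SHA256_RE.fullmatch(digest):
            problems.append(f"line {lineno}: not a SHA-256 value")
            continue
        if digest in seen:   # a repeated value does not replace the first one
            problems.append(f"line {lineno}: duplicate SHA-256 value")
            continue
        seen.add(digest)
        hashes.append(digest)
        desc = fields[1].strip().replace("\\,", ",") if len(fields) > 1 else ""
        if len(desc) > MAX_DESC:
            problems.append(f"line {lineno}: description of {len(desc)} chars is cut to {MAX_DESC}")
        if len(fields) > 2:   # usually an unescaped comma in the description
            problems.append(f"line {lineno}: extra fields will be ignored")
    total = existing_count + len(hashes)
    if total > MAX_HASHES:
        problems.append(f"list would hold {total} values, limit is {MAX_HASHES}")
    return hashes, problems

# Constructed sample: hashes of made-up strings, not real indicators.
H = [hashlib.sha256(b"constructed-%d" % i).hexdigest() for i in range(3)]
SAMPLE = "\n".join([
    "# sha256,description",
    f"{H[0]},Dropper from phishing case",
    f"{H[1]},Loader\\, second stage",
    f"{H[0]},same hash again",
    "not-a-hash,bad row",
    f"{H[2]},desc,unescaped extra",
])

if __name__ == "__main__":
    for problem in lint_hash_list(SAMPLE)[1]:
        print(problem)
```

Running the check before the upload task catches malformed rows and the 10000-value limit locally, instead of discovering them from a rejected or silently truncated upload.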

Data Parameters

| Parameter | Required | Type | Description |
|---|---|---|---|
| version | False | string | A unique string version assigned by the system when the object is created or modified. No assumption can be made on the format or content of this identifier. The identifier must be provided whenever attempting to modify/delete an existing object. As the version will change every time the object is modified, the value provided in this identifier must match exactly what is present in the system or the request will be rejected. |
| name | False | string | A string that represents the name of the object |
| fileName | False | string | A String object representing the filename of the file being uploaded. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
| id | False | string | A unique string identifier assigned by the system when the object is created. No assumption can be made on the format or content of this identifier. The identifier must be provided whenever attempting to modify/delete (or reference) an existing object. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
| type | True | string | A UTF8 string, all letters lower-case, that represents the class-type. This corresponds to the class name. |

Example

- name: Execute 'postuploadcustomdetectionhashlist' operation
  ftd_configuration:
    operation: "postuploadcustomdetectionhashlist"
    data:
        version: "{{ version }}"
        name: "{{ name }}"
        fileName: "{{ file_name }}"
        id: "{{ id }}"
        type: "{{ type }}"