PUT /detection/custom
Create a custom detection
curl --request PUT \
  --url https://api.wirespeed.co/detection/custom \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{
  "name": "<string>",
  "description": "<string>",
  "category": "OTHER__DIAGNOSTIC",
  "query": "<string>"
}'

{
  "id": "<string>",
  "name": "<string>",
  "category": "<string>",
  "description": "<string>",
  "query": "<string>",
  "lastRan": "<string>",
  "createdAt": "<string>",
  "enabled": true,
  "createdBy": "<string>"
}

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Body

application/json

name
string
required

Name of the custom detection

category
enum<string>
required

Category of the custom detection

Available options:
OTHER__DIAGNOSTIC,
OTHER__INFORMATIONAL_EVENT,
OTHER__WARNING,
OTHER__UNKNOWN,
OTHER__DECEPTION,
OTHER__CUSTOM_DETECTION,
CLOUD__INVOCATION,
CLOUD__DISCOVERY,
CLOUD__DATA_TRANSFER,
CLOUD__PERSISTENCE,
ENDPOINT__DISCOVERY,
ENDPOINT__EXECUTION,
ENDPOINT__LIVE_OFF_THE_LAND,
ENDPOINT__NUISANCE,
ENDPOINT__MALWARE_DISCOVERY,
ENDPOINT__MALWARE_EXECUTION,
ENDPOINT__LATE_STAGE,
ENDPOINT__PERSISTENCE,
ENDPOINT__REMOTE_MANAGEMENT,
ENDPOINT__LATERAL_MOVEMENT,
ENDPOINT__IMPACT,
ENDPOINT__EVASION,
IDENTITY__LOGIN,
IDENTITY__REJECTED_MFA,
IDENTITY__DISCOVERY,
IDENTITY__BRUTE_FORCE,
IDENTITY__PUBLIC_CREDENTIAL_EXPOSURE,
IDENTITY__PRIVATE_CREDENTIAL_EXPOSURE,
IDENTITY__PERSISTENCE,
IDENTITY__ACCOUNT_COMPROMISE,
NETWORK__INBOUND_CONNECTION,
NETWORK__OUTBOUND_CONNECTION,
NETWORK__PHISHING,
NETWORK__NOISY,
EMAIL__PHISHING,
EMAIL__PHISHING_REPORTED,
EMAIL__MALWARE,
EMAIL__MALICIOUS_LINK,
EMAIL__GRAYMAIL,
EMAIL__SPAM,
EMAIL__BUSINESS_EMAIL_COMPROMISE,
DATA__DATA_TRANSFER,
DATA__DATA_SHARE,
POSTURE__POSTURE

query
string
required

Query of the custom detection

description
string

Description of the custom detection

Response

id
string
required

Unique identifier for the custom detection

name
string
required

Name of the custom detection

category
string
required

Category of the custom detection

query
string
required

Query of the custom detection

lastRan
string
required

Timestamp when the custom detection was last run

createdAt
string
required

Timestamp when the custom detection was created

enabled
boolean
required

Whether the custom detection is enabled

createdBy
string
required

Email or ID of the user who created the custom detection

description
string

Description of the custom detection