Skip to main content
PATCH
/
detection
/
custom
/
{id}
Update a custom detection
curl --request PATCH \
  --url https://api.wirespeed.co/detection/custom/{id} \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "name": "<string>",
  "query": "<string>",
  "description": "<string>",
  "enabled": true,
  "category": "OTHER__DIAGNOSTIC"
}
'
{
  "id": "<string>",
  "name": "<string>",
  "category": "<string>",
  "query": "<string>",
  "lastRan": "<string>",
  "createdAt": "<string>",
  "enabled": true,
  "createdBy": "<string>",
  "description": "<string>"
}

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Path Parameters

id
string
required

Custom detection identifier

Body

application/json
name
string

Name of the custom detection

query
string

Query of the custom detection

description
string

Description of the custom detection

enabled
boolean

Whether the custom detection is enabled

category
enum<string>

Category of the custom detection

Available options:
OTHER__DIAGNOSTIC,
OTHER__INFORMATIONAL_EVENT,
OTHER__WARNING,
OTHER__UNKNOWN,
OTHER__DECEPTION,
OTHER__CUSTOM_DETECTION,
CLOUD__INVOCATION,
CLOUD__DISCOVERY,
CLOUD__DATA_TRANSFER,
CLOUD__PERSISTENCE,
ENDPOINT__DISCOVERY,
ENDPOINT__EXECUTION,
ENDPOINT__LIVE_OFF_THE_LAND,
ENDPOINT__NUISANCE,
ENDPOINT__MALWARE_DISCOVERY,
ENDPOINT__MALWARE_EXECUTION,
ENDPOINT__LATE_STAGE,
ENDPOINT__PERSISTENCE,
ENDPOINT__REMOTE_MANAGEMENT,
ENDPOINT__LATERAL_MOVEMENT,
ENDPOINT__IMPACT,
ENDPOINT__EVASION,
ENDPOINT__EXPLOITATION,
ENDPOINT__SIMULATION,
IDENTITY__LOGIN,
IDENTITY__REJECTED_MFA,
IDENTITY__DISCOVERY,
IDENTITY__BRUTE_FORCE,
IDENTITY__PUBLIC_CREDENTIAL_EXPOSURE,
IDENTITY__PRIVATE_CREDENTIAL_EXPOSURE,
IDENTITY__PERSISTENCE,
IDENTITY__ACCOUNT_COMPROMISE,
NETWORK__INBOUND_CONNECTION,
NETWORK__OUTBOUND_CONNECTION,
NETWORK__PHISHING,
NETWORK__NOISY,
EMAIL__PHISHING,
EMAIL__PHISHING_REPORTED,
EMAIL__EVASION,
EMAIL__MALWARE,
EMAIL__MALICIOUS_LINK,
EMAIL__GRAYMAIL,
EMAIL__SPAM,
EMAIL__BUSINESS_EMAIL_COMPROMISE,
DATA__DATA_TRANSFER,
DATA__DATA_SHARE,
POSTURE__POSTURE

Response

id
string
required

Unique identifier for the custom detection

name
string
required

Name of the custom detection

category
string
required

Category of the custom detection

query
string
required

Query of the custom detection

lastRan
string
required

Timestamp when the custom detection was last run

createdAt
string
required

Timestamp when the custom detection was created

enabled
boolean
required

Whether the custom detection is enabled

createdBy
string
required

Email or ID of the user who created the custom detection

description
string

Description of the custom detection