Help Center/ Host Security Service/ API Reference (Ally Region)/ API Description/ Ransomware Prevention/ Modifying Ransomware Protection Policies
Updated on 2026-01-12 GMT+08:00
Online Debugging
CLI Examples
View PDF
Share

Modifying Ransomware Protection Policies

Function

This API is used to modify ransomware protection policies.

URI

PUT /v5/{project_id}/ransomware/protection/policy

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

Project ID
Table 2 Query Parameters

Parameter

Mandatory

Type

Description

enterprise_project_id

No

String

Enterprise project ID. To query all enterprise projects, set this parameter to all_granted_eps.

Request Parameters

Table 3 Request header parameters

Parameter

Mandatory

Type

Description

X-Auth-Token

Yes

String

User token.

It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token.

region

Yes

String

Region ID
Table 4 Request body parameters

Parameter

Mandatory

Type

Description

policy_id

Yes

String

Policy ID

policy_name

Yes

String

Policy name

protection_mode

Yes

String

Action. Its value can be:

  • alarm_and_isolation: Report an alarm and isolate.

  • alarm_only: Only report alarms.

bait_protection_status

No

String

Whether to enable honeypot protection. By default, the protection is enabled. Its value can be:

  • opened

  • closed

protection_directory

Yes

String

Protected directory. Separate multiple directories with semicolons (;). You can configure up to 20 directories.

protection_type

Yes

String

Protected file type, for example, .docx, .txt, and .avi.

exclude_directory

No

String

(Optional) Excluded directory. Separate multiple directories with semicolons (;). You can configure up to 20 directories.

agent_id_list

No

Array of strings

Specifies the IDs of agents for which the ransomware protection policy is enabled.

operating_system

Yes

String

OSs supported by the policy. The options are as follows:

  • Windows

  • Linux

runtime_detection_status

No

String

Whether to perform runtime checks. The options are as follows. Currently, it can only be disabled. This field is reserved.

  • opened

  • closed

process_whitelist

No

Array of TrustProcessInfo objects

Process whitelist
Table 5 TrustProcessInfo

Parameter

Mandatory

Type

Description

path

No

String

Indicates the process path.

hash

No

String

Process hash

Response Parameters

Status code: 200

Request succeeded.

None

Example Requests

Modify the ransomware protection policy. Set the OS type to Linux, protection policy ID to 0253edfd-30e7-439d-8f3f-17c54c997064, and protection action to alert only.

PUT https://{endpoint}/v5/{project_id}/ransomware/protection/policy

{
  "bait_protection_status" : "opened",
  "protection_type" : "docx",
  "exclude_directory" : "",
  "operating_system" : "Linux",
  "policy_id" : "0253edfd-30e7-439d-8f3f-17c54c997064",
  "policy_name" : "aaa",
  "protection_mode" : "alarm_only",
  "protection_directory" : "/root",
  "runtime_detection_status" : "closed",
  "agent_id_list" : [ "" ]
}

Example Responses

None

Status Codes

Status Code

Description

200

Request succeeded.

Error Codes

See Error Codes.

Parent topic: Ransomware Prevention