{"swagger": "2.0", "basePath": "/api", "paths": {"/account/private/edit": {"post": {"responses": {"200": {"description": "Success"}}, "operationId": "post_edit_user", "tags": ["Private account action \ud83d\udd11 (with api key)"]}}, "/account/private/favorite/delete_rule": {"post": {"responses": {"200": {"description": "Success"}}, "operationId": "post_remove_rule_favorite", "tags": ["Private account action \ud83d\udd11 (with api key)"]}}, "/account/private/favorite/get_rules_page_favorite": {"get": {"responses": {"200": {"description": "Success"}}, "operationId": "get_get_rules_page_favorite", "tags": ["Private account action \ud83d\udd11 (with api key)"]}}, "/account/public/login": {"post": {"responses": {"200": {"description": "Success"}}, "description": "Connect an user", "operationId": "post_login", "parameters": [{"description": "User email", "name": "email", "type": "string", "in": "query"}, {"description": "User password", "name": "password", "type": "string", "in": "query"}, {"description": "Boolean to keep the user logged in", "name": "remember_me", "type": "string", "in": "query"}], "tags": ["Public account action \u2705"]}}, "/account/public/logout": {"post": {"responses": {"200": {"description": "Success"}}, "description": "Logout an user", "operationId": "post_logout", "tags": ["Public account action \u2705"]}}, "/account/public/register": {"post": {"responses": {"200": {"description": "Success"}}, "description": "Add new user", "operationId": "post_register", "parameters": [{"description": "User email", "name": "email", "type": "string", "in": "query"}, {"description": "Password", "name": "password", "type": "string", "in": "query"}, {"description": "First name", "name": "first_name", "type": "string", "in": "query"}, {"description": "Last name", "name": "last_name", "type": "string", "in": "query"}], "tags": ["Public account action \u2705"]}}, "/bundle/private/add_rule_bundle": {"get": {"responses": {"200": {"description": "Success"}}, "summary": "Add a rule to a bundle", "description": "Add a rule to an existing bundle. This operation requires authentication using your **API KEY**, which can be retrieved from your account profile.\n\n### Query Parameters\n\n| Parameter | Type | Required | Description | Constraints / Notes |\n|---------------|--------|----------|----------------------------------------------------------------|--------------------------------------------------|\n| X-API-KEY | string | Yes | Your personal API key for authentication | Must be valid. Provided in your user profile |\n| rule_id | int | Yes | ID of the rule to add to the bundle | Must exist |\n| bundle_id | int | Yes | ID of the bundle that will receive the rule | Must exist and you must own it (or be admin) |\n| description | string | Yes | A description or comment for this rule inside the bundle | Must be non-empty string |\n\n### Permission Requirements\n\nYou may add a rule to a bundle **only if**:\n- You are the **owner** of the bundle, **or**\n- You are an **administrator**\n\nIf you do not meet these conditions, the request will be rejected.\n\n### Behavior\n\n1. Validate query parameters \n2. Check if the bundle exists \n3. Check permissions \n4. Add the rule to the bundle \n5. Return success or error response \n\n### Example cURL Request\n\n```bash\ncurl -X GET \"/api/bundle/add_rule_bundle?rule_id=42&bundle_id=7&description=Important\" -H \"X-API-KEY: \"", "operationId": "get_add_rule_to_bundle", "parameters": [{"description": "Required. ID of the rule to add.", "name": "rule_id", "type": "string", "in": "query"}, {"description": "Required. ID of the bundle.", "name": "bundle_id", "type": "string", "in": "query"}, {"description": "Required. Description for this rule within the bundle.", "name": "description", "type": "string", "in": "query"}], "tags": ["Private action on Bundle \ud83d\udd11 (with api key)"]}}, "/bundle/private/create": {"post": {"responses": {"200": {"description": "Success"}}, "summary": "Create a new bundle", "description": "Create a new bundle in the system. You must authenticate using your **API KEY**, which can be found in your personal profile on rulezet.org.\n\n### Query Parameters\n\n| Parameter | Type | Required | Description | Constraints / Notes |\n|-------------|---------|----------|-----------------------------------------------------------------------------|-------------------------------------------------|\n| X-API-KEY | string | Yes | Your personal API key for authentication | Must be valid. Found in your user profile |\n| name | string | Yes | Name of the bundle | Must be unique, non-empty |\n| description | string | No | Description of the bundle | Optional. If not provided, defaults to empty |\n| public | bool | Yes | Allow people to see your bundle or not | Must be valid | \n\n### Example cURL Request\n\n```bash\ncurl -X POST /api/bundle/private/create -H \"Content-Type: application/json\" -H \"X-API-KEY: \" -d '{\n \"name\": \"My Bundle Name\",\n \"description\": \"This is a test bundle created via API.\",\n \"public\": true\n}'\n\nThis endpoint allows authenticated users to create a new bundle for organizing rules. The name is required and must be unique, while description is optional.", "operationId": "post_create_bundle", "parameters": [{"description": "Required. The name of the bundle. Must be a non-empty string.", "name": "name", "type": "string", "in": "query"}, {"description": "Optional. Description of the bundle.", "name": "description", "type": "string", "in": "query"}, {"description": "Optional. Boolean flag indicating if the bundle is public. Defaults to True.", "name": "public", "type": "string", "in": "query"}], "tags": ["Private action on Bundle \ud83d\udd11 (with api key)"]}}, "/bundle/private/edit_bundle/{bundle_id}": {"parameters": [{"description": "ID of the bundle", "name": "bundle_id", "in": "path", "required": true, "type": "integer"}], "post": {"responses": {"200": {"description": "Success"}}, "summary": "Update a bundle", "description": "Update a bundle (name and/or description)", "operationId": "post_edit_bundle", "tags": ["Private action on Bundle \ud83d\udd11 (with api key)"]}}, "/bundle/private/remove_rule_bundle": {"get": {"responses": {"200": {"description": "Success"}}, "summary": "Remove a rule from a bundle", "description": "Remove a rule from a bundle.\n\nThis endpoint allows removing an existing rule from a specific bundle.\nOnly the bundle owner or an administrator is allowed to perform this action.\n\n### Parameters\n----------\nThe following query parameters must be provided:\n\n| Parameter | Type | Required | Description |\n|------------|--------|----------|--------------------------------------------------------------|\n| rule_id | int | Yes | ID of the rule to remove from the bundle. |\n| bundle_id | int | Yes | ID of the bundle from which the rule will be removed. |\n\n\n### Constraints\n-----------\n- Both parameters must be valid integers.\n- The bundle must exist.\n- The rule must exist inside the bundle.\n- Only the bundle owner or an administrator is allowed to remove rules.\n\n### Authorization\n-------------\nThis endpoint requires a valid API key.\nOnly:\n- The bundle owner\n- An admin user\nare authorized to remove rules.\n\n### Example Request\n---------------\n```json\nGET /api/bundle/remove_rule_bundle?rule_id=123&bundle_id=456\nHeader: X-API-KEY: your_api_key_here", "operationId": "get_remove_rule_from_bundle", "parameters": [{"description": "ID of the rule to remove", "name": "rule_id", "type": "string", "in": "query"}, {"description": "ID of the bundle to remove the rule from", "name": "bundle_id", "type": "string", "in": "query"}], "tags": ["Private action on Bundle \ud83d\udd11 (with api key)"]}}, "/bundle/public/search": {"get": {"responses": {"200": {"description": "Success"}}, "summary": "Search bundles without pagination", "description": "Search for bundle by **title**, **description**, **UUID**, or **author**, without pagination.\n\n### Query Parameters\n\n| Parameter | Type | Description |\n|------------|---------|-----------------------------------------------------------------------------|\n| search | string | Keyword to search in rule title |\n\n### Example cURL Request\n\n```bash\ncurl -G \"http://127.0.0.1:7009/api/bundle/public/search\" --data-urlencode \"search=detect\"", "operationId": "get_search_bundle", "parameters": [{"description": "Keyword to search in bundle name", "name": "search", "type": "string", "in": "query"}], "tags": ["Public action on Bundle \u2705"]}}, "/rule/private/create": {"post": {"responses": {"200": {"description": "Success"}}, "summary": "Create a new rule", "description": "Create a new detection rule in the system. You must authenticate using your **API KEY**, which can be found in your personal profile on rulezet.org.\n\n### Query Parameters\n\n| Parameter | Type | Required | Description | Constraints / Notes |\n|-----------------|---------|----------|----------------------------------------------------------------------------------------------|-----------------------------------------------------------------|\n| X-API-KEY | string | Yes | Your personal API key for authentication | Must be valid. Found in your user profile |\n| title | string | Yes | Title of the rule | Must be unique, non-empty |\n| description | string | No | Description of the rule | Optional. If not provided, defaults to \"No description provided\"|\n| version | string | No | Version of the rule | Must be non-empty |\n| format | string | Yes | Rule format | Supported: yara, sigma, suricata, zeek, crs, nova, nse, wazuh |\n| license | string | No | License applied to the rule | Must be non-empty |\n| source | string | No | Source or origin of the rule | Optional. Defaults to the user's name |\n| to_string | string | Yes | String representation of the rule content | Must be valid syntax for the specified format |\n| original_uuid | string | No | Original UUID of the rule | Optional. Only provide if preserving original UUID |\n| author | string | Auto | Author of the rule | Automatically filled from API key user |\n| cve_id | string | No | CVE ID associated with the rule | Must be a valid CVE ID format (e.g., CVE-2023-12345) |\n\n### Example cURL Request\n\n```bash\ncurl -X POST http://127.0.0.1:7009/api/rule/private/create -H \"Content-Type: application/json\" -H \"X-API-KEY: \" -d '{\n \"title\": \"My N Rule\",\n \"format\": \"yara\",\n \"version\": \"1.0\",\n \"to_string\": \"rule example { condition: true }\",\n \"license\": \"MIT\",\n \"original_uuid\": \"wd334sda\",\n \"description\": \"This is a test rule\",\n \"source\": \"unit-test\",\n \"cve_id\": \"CVE-2023-12345\"\n}'", "operationId": "post_create_rule", "parameters": [{"description": "Required. The title of the rule. Must be unique and non-empty.", "name": "title", "type": "string", "in": "query"}, {"description": "Optional. Description of the rule. Defaults to 'No description provided'.", "name": "description", "type": "string", "in": "query"}, {"description": "Required. Version of the rule. Must be non-empty.", "name": "version", "type": "string", "in": "query"}, {"description": "Required. Rule format (e.g., yara, sigma, suricata, zeek, crs, nova, nse, wazuh).", "name": "format", "type": "string", "in": "query"}, {"description": "Required. License applied to the rule. Must be non-empty.", "name": "license", "type": "string", "in": "query"}, {"description": "Optional. Source or origin of the rule. Defaults to your name if not provided.", "name": "source", "type": "string", "in": "query"}, {"description": "Required. String representation of the rule content. Must be valid syntax for the format.", "name": "to_string", "type": "string", "in": "query"}, {"description": "Optional. Original UUID of the rule if you want to preserve it.", "name": "original_uuid", "type": "string", "in": "query"}, {"description": "Automatically filled from the API key user.", "name": "author", "type": "string", "in": "query"}, {"description": "Optional. CVE ID associated with the rule. Must be a valid CVE format, e.g., CVE-2023-12345.", "name": "cve_id", "type": "string", "in": "query"}], "tags": ["Private action on Rule \ud83d\udd11 (with api key)"]}}, "/rule/private/delete": {"post": {"responses": {"200": {"description": "Success"}}, "summary": "Delete a rule by ID", "description": "Delete an existing rule by its **ID**. You must authenticate using your **API KEY**, which can be found in your personal profile on rulezet.org.\n\n### Query Parameters\n\n| Parameter | Type | Required | Description | Constraints / Notes |\n|-------------|---------|----------|-----------------------------------------------------------------------------|-----------------------------------------------------|\n| X-API-KEY | string | Yes | Your personal API key for authentication | Must be valid. Found in your user profile |\n| rule_id | int | Yes | ID of the rule to delete | Must match an existing rule ID in the system |\n\n### Example cURL Request\n\n```bash\ncurl -X POST http://127.0.0.1:7009/api/rule/private/delete -H \"Content-Type: application/json\" -H \"X-API-KEY: \" -d '{\"rule_id\": }'", "operationId": "post_delete_rule", "parameters": [{"description": "Required. ID of the rule to delete. Must match an existing rule.", "name": "rule_id", "type": "string", "in": "query"}], "tags": ["Private action on Rule \ud83d\udd11 (with api key)"]}}, "/rule/private/dumpRules": {"post": {"responses": {"200": {"description": "Success"}}, "summary": "Generate a full dump of all rules for analysis or integration", "description": "Provide a complete structured JSON dump of all rules for analysis or integration. \nThis endpoint is intended for advanced users, researchers, and analysts who want to access all rules as open data.\n\n**Authentication:** Requires a valid **API Key** in the request headers.\n\n### Headers\n\n| Header | Type | Required | Description |\n|------------|--------|----------|-------------|\n| X-API-KEY | string | Yes | Your personal API key for authentication |\n\n### Optional JSON Body Parameters\n\n| Parameter | Type | Required | Description |\n|-----------------|--------------------|----------|-------------|\n| format_name | string or list | No | Filter rules by format(s). Example: `\"yara\"` or `[\"yara\", \"sigma\"]`. Use `\"all\"` for all available formats. |\n| created_after | string (datetime) | No | Include rules created on or after this date. Format: `\"YYYY-MM-DD\"` or `\"YYYY-MM-DD HH:MM\"`. |\n| created_before | string (datetime) | No | Include rules created on or before this date. Format: `\"YYYY-MM-DD\"` or `\"YYYY-MM-DD HH:MM\"`. |\n| updated_after | string (datetime) | No | Include rules updated on or after this date. Format: `\"YYYY-MM-DD\"` or `\"YYYY-MM-DD HH:MM\"`. |\n| updated_before | string (datetime) | No | Include rules updated on or before this date. Format: `\"YYYY-MM-DD\"` or `\"YYYY-MM-DD HH:MM\"`. |\n| top_liked | integer | No | Return only the top N most liked rules. |\n| top_disliked | integer | No | Return only the top N most disliked rules. |\n\n### Response\n\n- **200 OK** \u2013 Successfully generated rules dump.\n ```json\n {\n \"success\": true,\n \"message\": \"Rules dump successfully generated.\",\n \"filters_applied\": {\n \"format_name\": [\"yara\", \"sigma\"],\n \"created_after\": \"2025-10-01 00:00\",\n \"created_before\": \"2025-11-01 23:59\",\n \"updated_after\": \"2025-10-05\",\n \"updated_before\": \"2025-11-02\",\n \"top_liked\": 10,\n \"top_disliked\": 5\n },\n \"data\": {\n \"summary_by_format\": {\n \"yara\": 120,\n \"sigma\": 75,\n \"total_rules\": 195\n },\n \"rules\": [\n {\n \"id\": 1,\n \"title\": \"Example YARA Rule\",\n \"format\": \"yara\",\n \"author\": \"Alice\",\n \"created_at\": \"2025-10-02 15:30\",\n \"updated_at\": \"2025-10-20 12:00\",\n \"likes\": 12,\n \"dislikes\": 0,\n \"to_string\": \"rule example { condition: true }\",\n \"cve_id\": \"CVE-2025-1234\"\n }\n ]\n }\n }\n\n- **403 Forbidden** \u2013 Missing or invalid API key.\n ```json\n {\"success\": false, \"message\": \"Unauthorized\"}\n\n- **400 Bad Request** \u2013 Invalid JSON body or filter parameters.\n ```json\n {\"success\": false, \"message\": \"Invalid JSON body\"}\n\n- **404 Not Found** \u2013 No rules match the specified filters.\n ```json\n {\"success\": false, \"message\": \"No rules found to dump.\"}\n\nExample cURL Requests\n\n- **Dump all rules :** \n ```json\n curl -X POST http://127.0.0.1:7009/api/rule/private/dumpRules -H \"Content-Type: application/json\" -H \"X-API-KEY: \" -d '{}'\n\n- **Filter by multiple formats and date ranges :**\n ```json\n curl -X POST http://127.0.0.1:7009/api/rule/private/dumpRules -H \"Content-Type: application/json\" -H \"X-API-KEY: \" -d '{\n \"format_name\": [\"yara\", \"sigma\"],\n \"created_after\": \"2025-10-01 00:00\",\n \"created_before\": \"2025-11-01 23:59\",\n \"updated_after\": \"2025-10-05\",\n \"updated_before\": \"2025-11-02\",\n \"top_liked\": 10,\n \"top_disliked\": 5\n }'\n\n- **Dump all formats without filtering:**\n ```json\n curl -X POST http://127.0.0.1:7009/api/rule/private/dumpRules -H \"Content-Type: application/json\" -H \"X-API-KEY: \" -d '{\n \"format_name\": [\"all\"]\n }'", "operationId": "post_dump_rules", "tags": ["Private action on Rule \ud83d\udd11 (with api key)"]}}, "/rule/private/favorite/{rule_id}": {"parameters": [{"name": "rule_id", "in": "path", "required": true, "type": "integer"}], "get": {"responses": {"200": {"description": "Success"}}, "summary": "Toggle favorite status of a rule for the authenticated user", "description": "Add or remove a rule from the authenticated user's **favorites** list. \nIf the rule is already in the user's favorites, it will be removed; otherwise, it will be added.\n\n### Path Parameters\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| rule_id | int | Yes | ID of the rule to add or remove from favorites |\n\n### Headers\n\n| Header | Type | Required | Description |\n|------------|--------|----------|-------------|\n| X-API-KEY | string | Yes | Your personal API key for authentication (found in your profile) |\n\n### Responses\n\n- **200 OK** \u2013 Rule successfully added or removed from favorites. \n ```json\n {\"success\": true, \"message\": \"Rule added to favorites\"}\n\n{\"success\": true, \"message\": \"Rule removed from favorites\"}\n\n 403 Forbidden \u2013 Invalid or missing API key.\n\n {\"success\": false, \"message\": \"Unauthorized\"}\n\nExample cURL Request\n\ncurl -X GET http://127.0.0.1:7009/api/rule/private/favorite/4 -H \"X-API-KEY: \"", "operationId": "get_favorite_rule", "tags": ["Private action on Rule \ud83d\udd11 (with api key)"]}}, "/rule/private/import_rules_from_github": {"post": {"responses": {"200": {"description": "Success"}}, "summary": "Import rules of any supported format from a GitHub repository (admin only)", "description": "Import detection rules of **any supported format** (e.g., YARA, Sigma, Suricata) from a **GitHub repository** into the system. \n**Only admin users** are allowed to perform this operation.\n\n### Query Parameters\n\n| Parameter | Type | Required | Description |\n|-----------|--------|----------|-------------|\n| url | string | Yes | URL of the GitHub repository containing the rules to import. Must be a valid GitHub repository URL. |\n| license | string | Yes | License to apply to the imported rules (e.g., MIT, GPL). |\n\n### Headers\n\n| Header | Type | Required | Description |\n|------------|--------|----------|-------------|\n| X-API-KEY | string | Yes | Your personal API key for authentication (must belong to an admin user). |\n\n### Responses\n\n- **200 OK** \u2013 Rules successfully imported.\n ```json\n {\n \"success\": true,\n \"imported\": 10,\n \"skipped\": 2,\n \"failed\": 0\n }\n\n\n- **200 OK** Multi-Status \u2013 Some rules failed to import.\n ```json\n {\n \"success\": true,\n \"imported\": 8,\n \"skipped\": 2,\n \"failed\": 2\n }\n\n- **400 Bad Request** \u2013 Invalid parameters or non-admin user.\n ```json\n {\"success\": false, \"message\": \"Missing 'url' parameter\"}\n\n {\"success\": false, \"message\": \"You have to be an admin to import\"}\n\n- **500 Internal Server Error** \u2013 Error while cloning/accessing the repository or during rule extraction.\n ```json\n {\n \"success\": false,\n \"message\": \"An error occurred while importing from: \",\n \"error\": \"\"\n }\n\nExample cURL Request\n\ncurl -X POST http://127.0.0.1:7009/api/rule/private/import_rules_from_github -H \"Content-Type: application/json\" -H \"X-API-KEY: \" -d '{\n \"url\": \"https://github.com/ecrou-exact/Test-pour-regle-yara-.git\",\n \"license\": \"MIT\"\n}'", "operationId": "post_import_rules_from_github", "parameters": [{"description": "Required. URL of the GitHub repository to import rules from", "name": "url", "type": "string", "in": "query"}, {"description": "Required. License to apply to the imported rules (e.g., MIT, GPL)", "name": "license", "type": "string", "in": "query"}], "tags": ["Private action on Rule \ud83d\udd11 (with api key)"]}}, "/rule/private/me": {"get": {"responses": {"200": {"description": "Success"}}, "summary": "Get the current user information", "description": "Try to connect with your **API KEY**. You can found it in your personnal profil on rulezet.org .\n\n### Query Parameters\n\n| Parameter | Type | Description |\n|------------|---------|-----------------------------------------------------------------------------|\n| search | string | Your api KEY ************************************************************ |\n\n### Example cURL Request\n\n```bash\ncurl -X GET http://127.0.0.1:7009/api/rule/private/me -H \"X-API-KEY: ************************************************************ \"\n```", "operationId": "get_hello_private", "tags": ["Private action on Rule \ud83d\udd11 (with api key)"]}}, "/rule/private/search": {"post": {"responses": {"200": {"description": "Success"}}, "summary": "Search rules with full filter support (same as the web interface)", "description": "Search and filter rules with the same power as the web interface.\n\nAll parameters are optional. Combining them applies AND logic between filters.\n\n### Headers\n\n| Header | Type | Required | Description |\n|-----------|--------|----------|------------------------|\n| X-API-KEY | string | Yes | Your personal API key |\n\n### Body Parameters (JSON)\n\n| Parameter | Type | Description |\n|-----------------|-----------------|-----------------------------------------------------------------------------|\n| search | string | Free-text search across title, description, format, author, content, uuid |\n| search_field | string | Target field: `all` (default), `title`, `content` |\n| exact_match | boolean | If true, title uses strict equality, content uses case-sensitive LIKE |\n| author | string | Filter by author name (partial, case-insensitive) |\n| rule_type | string | Filter by format (e.g. `yara`, `sigma`) |\n| source | string | Filter by source \u2014 comma-separated for OR (e.g. `\"github.com,internal\"`) |\n| license | string | Filter by license \u2014 comma-separated for OR (e.g. `\"MIT,GPL\"`) |\n| vulnerabilities | list[string] | Filter by CVE IDs (e.g. `[\"CVE-2021-44228\"]`) |\n| tags | list[string] | Filter by tag names (e.g. `[\"malware\", \"apt\"]`) |\n| sort_by | string | `newest` (default), `oldest`, `most_likes`, `least_likes` |\n| page | integer | Page number, default 1 |\n| per_page | integer | Results per page, default 20, max 100. Ignored if `paginate` is false |\n| paginate | boolean | If false, return all results without pagination (default: true) |\n| fields | list[string] | Return only these fields. Omit for all fields. Use `[\"content\"]` for rules-only |\n\n**fields available**(id, title, format, author, license, description, version, source, uuid, original_uuid, creation_date, last_modif, vote_up, vote_down,to_string, cve_id, github_path)\n\n\n### Response\n\n```json\n{\n \"success\": true,\n \"total\": 142,\n \"page\": 1,\n \"per_page\": 20,\n \"pages\": 8,\n \"rules\": [ ... ]\n}\n```\n\n### Example cURL\n\n```bash\ncurl -X POST http://127.0.0.1:7009/api/rule/private/search \\\n-H \"Content-Type: application/json\" \\\n-H \"X-API-KEY: \" \\\n-d '{\n \"search\": \"mimikatz\",\n \"rule_type\": \"yara\",\n \"tags\": [\"credential_access\"],\n \"sort_by\": \"most_likes\",\n \"page\": 1,\n \"per_page\": 20\n}'\n```", "operationId": "post_search_rules", "tags": ["Private action on Rule \ud83d\udd11 (with api key)"]}}, "/rule/public/Convert_MISP": {"get": {"responses": {"200": {"description": "Success"}}, "summary": "Search rules and convert them to MISP objects if possible", "description": "Search for rules by **title**, **description**, **UUID**, or **author** and convert them into MISP objects if possible.\n\n### Query Parameters\n\n| Parameter | Type | Description |\n|------------|---------|-----------------------------------------------------------------------------|\n| search | string | Keyword to search in rule title |\n| author | string | Filter rules by author |\n| rule_type | string | Filter by rule type |\n| sort_by | string | Sorting option: `newest`, `oldest`, `most_likes`, `least_likes` |\n\n### Example cURL Request\n\n```bash\ncurl -G \"http://127.0.0.1:7009/api/rule/public/Convert_MISP\" --data-urlencode \"search=mars\" --data-urlencode \"author=John\" --data-urlencode \"rule_type=malware\" --data-urlencode \"sort_by=newest\"\n```", "operationId": "get_convert_misp", "parameters": [{"description": "Keyword to search in rule title", "name": "search", "type": "string", "in": "query"}, {"description": "Filter rules by author", "name": "author", "type": "string", "in": "query"}, {"description": "Filter by rule type", "name": "rule_type", "type": "string", "in": "query"}, {"description": "Sorting option: newest, oldest, most_likes, least_likes", "name": "sort_by", "type": "string", "in": "query"}], "tags": ["Public action on Rule \u2705"]}}, "/rule/public/all_by_user/{user_id}": {"parameters": [{"name": "user_id", "in": "path", "required": true, "type": "integer"}], "get": {"responses": {"200": {"description": "Success"}}, "summary": "Get all rules created by a specific user", "description": "Retrieve **all rules authored by a specific user**, identified by their unique `user_id`.\n\n### Path Parameter\n\n| Parameter | Type | Description |\n|-----------|------|---------------------------------------|\n| user_id | int | The ID of the user whose rules to get |\n\n### Example cURL Request\n\n```bash\ncurl -X GET \"http://127.0.0.1:7009/api/rule/public/all_by_user/4\"\n```", "operationId": "get_rules_by_user", "tags": ["Public action on Rule \u2705"]}}, "/rule/public/detail/{rule_id}": {"parameters": [{"name": "rule_id", "in": "path", "required": true, "type": "integer"}], "get": {"responses": {"200": {"description": "Success"}}, "summary": "Get the details of a rule by its ID", "description": "Retrieve the full details of a rule using its **unique rule ID**.\n\n### Path Parameter\n\n| Parameter | Type | Description |\n|-----------|------|-----------------------------------|\n| rule_id | int | The ID of the rule to retrieve |\n\n### Example cURL Request\n\n```bash\ncurl -X GET \"http://127.0.0.1:7009/api/rule/public/detail/6\"\n```", "operationId": "get_detail_rule", "tags": ["Public action on Rule \u2705"]}}, "/rule/public/search": {"get": {"responses": {"200": {"description": "Success"}}, "summary": "Search rules without pagination", "description": "Search for rules by **title**, **description**, **UUID**, or **author**, without pagination.\n\n### Query Parameters\n\n| Parameter | Type | Description |\n|------------|---------|-----------------------------------------------------------------------------|\n| search | string | Keyword to search in rule title |\n| author | string | Filter rules by author |\n| rule_type | string | Filter by rule type |\n| sort_by | string | Sorting option: `newest`, `oldest`, `most_likes`, `least_likes` |\n\n### Example cURL Request\n\n```bash\ncurl -G \"http://127.0.0.1:7009/api/rule/public/search\" --data-urlencode \"search=detect\" --data-urlencode \"author=@malgamy12\" --data-urlencode \"rule_type=malware\" --data-urlencode \"sort_by=newest\"", "operationId": "get_search_rule", "parameters": [{"description": "Keyword to search in rule title", "name": "search", "type": "string", "in": "query"}, {"description": "Filter rules by author", "name": "author", "type": "string", "in": "query"}, {"description": "Filter by rule type", "name": "rule_type", "type": "string", "in": "query"}, {"description": "Sorting option: newest, oldest, most_likes, least_likes", "name": "sort_by", "type": "string", "in": "query"}], "tags": ["Public action on Rule \u2705"]}}, "/rule/public/searchPage": {"get": {"responses": {"200": {"description": "Success"}}, "summary": "Search and paginate rules", "description": "Search for rules by **title**, **description**, **UUID**, or **author**, with pagination support.\n\n### Query Parameters\n\n| Parameter | Type | Description |\n|------------|---------|-----------------------------------------------------------------------------|\n| search | string | Keyword to search in rule title |\n| author | string | Filter rules by author |\n| rule_type | string | Filter by rule type |\n| sort_by | string | Sorting option: `newest`, `oldest`, `most_likes`, `least_likes` |\n| page | integer | Page number (default=1) |\n| per_page | integer | Items per page (default=10) |\n\n### Example cURL Request\n\n\n```bash\ncurl -G \"http://127.0.0.1:7009/api/rule/public/searchPage\" --data-urlencode \"search=detect\" --data-urlencode \"author=John\" --data-urlencode \"sort_by=newest\" --data-urlencode \"page=1\" --data-urlencode \"per_page=10\"\n```", "operationId": "get_search_rule_page", "parameters": [{"description": "Keyword to search in rule title", "name": "search", "type": "string", "in": "query"}, {"description": "Filter rules by author", "name": "author", "type": "string", "in": "query"}, {"description": "Filter by rule type", "name": "rule_type", "type": "string", "in": "query"}, {"description": "Sorting option: newest, oldest, most_likes, least_likes", "name": "sort_by", "type": "string", "in": "query"}, {"description": "Page number (default=1)", "name": "page", "type": "string", "in": "query"}, {"description": "Items per page (default=10)", "name": "per_page", "type": "string", "in": "query"}], "tags": ["Public action on Rule \u2705"]}}, "/rule/public/search_rules_by_cve": {"parameters": [{"description": "One or more vulnerability identifiers (CVE, GHSA, etc.)", "name": "cve_ids", "type": "string", "in": "query"}], "get": {"responses": {"200": {"description": "Success"}}, "summary": "Search rules by vulnerability identifiers", "description": "Search for all rules that match specific **CVE IDs** or **vulnerability identifiers** (GHSA, PYSEC, etc.).\n\nThis endpoint automatically detects and normalizes vulnerability patterns from the input string, then performs a broad search across the rules database.\n\n### Query Parameter\n\n| Parameter | Type | Description |\n|-----------|--------|-----------------------------------------------------------------------------|\n| cve_ids | string | A comma-separated list or a raw string containing one or more vulnerability IDs |\n\n### Example cURL Request\n\n```bash\ncurl -G \"http://127.0.0.1:7009/api/rule/public/search_rules_by_cve\" --data-urlencode \"cve_ids=CVE-2021-44228,GHSA-j8v8-6h6r-m6pq\"", "operationId": "get_rules_by_cve", "tags": ["Public action on Rule \u2705"]}}}, "info": {"title": "Rulezet API", "version": "1.5.0", "description": "\n# Welcome to the Rulezet API\n\nThe **Rulezet API** provides full programmatic access to your Rulezet instance, including:\n\n- **Rules**: manage detection rules \n- **Bundles**: organize and distribute rule bundles \n- **Account**: manage users and API keys\n\n---\n\n## Access Levels\n\nThe API is divided into **public** and **private** namespaces:\n\n### \u2705 Public Namespaces\n- Free access\n- No API key required\n- Ideal for retrieving metadata, listing rules, and fetching bundles\n- Safe for dashboards, scripts, or external integrations\n\n### \ud83d\udd11 Private Namespaces\n- Require a **personal API key**\n- Used for operations that modify data or access sensitive information\n- Includes creating, updating, or deleting rules and bundles, managing accounts\n- API key can be found in your profile page\n\n---\n\n## Usage\n- Public endpoints: accessible directly \n- Private endpoints: include your API key in request headers\n\nExplore all endpoints and try them out using the Swagger UI below.\n"}, "produces": ["application/json"], "consumes": ["application/json"], "tags": [{"name": "Public action on Rule \u2705", "description": "Public rule operations"}, {"name": "Private action on Rule \ud83d\udd11 (with api key)", "description": "Private rule operations"}, {"name": "Public action on Bundle \u2705", "description": "Public bundle operations"}, {"name": "Private action on Bundle \ud83d\udd11 (with api key)", "description": "Private bundle operations"}, {"name": "Public account action \u2705", "description": "Public account operations"}, {"name": "Private account action \ud83d\udd11 (with api key)", "description": "Private account operations"}], "responses": {"ParseError": {"description": "When a mask can't be parsed"}, "MaskError": {"description": "When any error occurs on mask"}}}