# Control rule added An admin user has added a new control rule. Endpoint: POST control-rule-added Version: v1 Security: X-Signature ## Header parameters: - `X-Signature` (string, required) Example: "X-Signature: t=1492774577,v1=5257a869..." ## Request fields (application/json): - `version` (string, required) The version of the event. Example: "1" - `id` (string, required) The unique identifier for the event. This can be used as an idempotency key. Example: "c478966c-f927-411c-b919-179832d3d50c" - `timestamp` (integer, required) When the event occurred, formatted as a UNIX timestamp (in seconds). Example: 1698604061 - `category` (string, required) The category of the event. Enum: "AUDIT" - `object` (string, required) The type of event. Enum: "CONTROL_RULE_ADDED" - `friendlyName` (string, required) The friendly name of this object. Note: this is subject to change and should not be used to match on this object. Example: "Control rule added" - `description` (string, required) The description of the event. Note: this is subject to change and should not be used to match on this object. Example: "user@example.com added a control rule" - `actor` (object, required) This object contains information about the user that performed the action triggering the audit log. - `actor.source` (string, required) The source of the action that generated the event. Enum: "UI" - `actor.email` (string, required) The email address of the actor. - `actor.sourceIpAddress` (string, required) The IP address of the actor. - `actor.userAgent` (string,null, required) The user agent of the actor, if available. - `actor.role` (string,null, required) The role of the actor. Enum: "OWNER", "FULL_ACCESS", "READ_ONLY" - `new` (object, required) The details of the updated rule. - `new.ruleId` (string, required) The unique identifier for the rule Example: "c478966c-f927-411c-b919-179832d3d50c" - `new.control` (string, required) The control that the rule applies to. Enum: "APP_BANNER", "BLOCKED_URL", "BROWSER_EXTENSION_BLOCKING", "CLONED_LOGIN_PAGE_DETECTION", "MALICIOUS_COPY_PASTE_DETECTION", "MFA_ENFORCEMENT", "PASSWORD_PROTECTION", "PHISHING_TOOL_DETECTION", "SESSION_TOKEN_THEFT_DETECTION", "SSO_PASSWORD_PROTECTION" - `new.description` (string, required) The description given to the rule. Example: "Display app banner on ChatGPT" - `new.enabled` (boolean, required) Whether the rule is enabled. Example: true - `new.criteria` (object, required) The criteria for applying the rule. - `new.criteria.appLabels` (object) Conditions for matching app labels. - `new.criteria.appLabels.patterns` (array, required) The patterns to match. - `new.criteria.appLabels.include` (boolean, required) Whether the condition is to match the pattern or not, i.e. include or exclude matches. Example: true - `new.criteria.employeeGroups` (object) Conditions for matching employee groups. - `new.criteria.employeeGroups.patterns` (array, required) The patterns to match. - `new.criteria.employeeGroups.include` (boolean, required) Whether the condition is to match the pattern or not, i.e. include or exclude matches. Example: true - `new.criteria.approvalStates` (object) Conditions for matching approval states. - `new.criteria.approvalStates.patterns` (array, required) The patterns to match. - `new.criteria.approvalStates.include` (boolean, required) Whether the condition is to match the pattern or not, i.e. include or exclude matches. Example: true - `new.criteria.sensitivityLevels` (object) Conditions for matching sensitivity levels. - `new.criteria.sensitivityLevels.patterns` (array, required) The patterns to match. - `new.criteria.sensitivityLevels.include` (boolean, required) Whether the condition is to match the pattern or not, i.e. include or exclude matches. Example: true - `new.criteria.employeeEmails` (object) Conditions for matching employee emails. - `new.criteria.employeeEmails.patterns` (array, required) The patterns to match. - `new.criteria.employeeEmails.include` (boolean, required) Whether the condition is to match the pattern or not, i.e. include or exclude matches. Example: true - `new.criteria.employeeIds` (object) Conditions for matching employee identifiers. - `new.criteria.employeeIds.patterns` (array, required) The patterns to match. - `new.criteria.employeeIds.include` (boolean, required) Whether the condition is to match the pattern or not, i.e. include or exclude matches. Example: true - `new.criteria.appTypes` (object) Conditions for matching app types. - `new.criteria.appTypes.patterns` (array, required) The patterns to match. - `new.criteria.appTypes.include` (boolean, required) Whether the condition is to match the pattern or not, i.e. include or exclude matches. Example: true - `new.criteria.urlPatterns` (object) Conditions for matching arbitrary url patterns. - `new.criteria.urlPatterns.patterns` (array, required) The patterns to match. Example: ["*://example.com/*"] - `new.criteria.browserExtensionIds` (object) Conditions for matching specific browser extensions by ID. - `new.criteria.browserExtensionIds.patterns` (array, required) The patterns to match. - `new.criteria.browserExtensionIds.include` (boolean, required) Whether the condition is to match the pattern or not, i.e. include or exclude matches. Example: true - `new.criteria.browserExtensionPermissions` (object) Conditions for matching browser extensions by the permissions they use. - `new.criteria.browserExtensionPermissions.patterns` (array, required) The patterns to match. - `new.criteria.browserExtensionPermissions.include` (boolean, required) Whether the condition is to match the pattern or not, i.e. include or exclude matches. Example: true - `new.criteria.browserExtensionDeploymentType` (object) Conditions for matching specific browser extensions by the method of installation. - `new.criteria.browserExtensionDeploymentType.patterns` (array, required) The patterns to match. - `new.criteria.browserExtensionDeploymentType.include` (boolean, required) Whether the condition is to match the pattern or not, i.e. include or exclude matches. Example: true - `new.criteria.browserExtensionProfile` (object) Conditions for matching specific browser extensions by the profile they are installed to. - `new.criteria.browserExtensionProfile.patterns` (array, required) The patterns to match. - `new.criteria.browserExtensionProfile.include` (boolean, required) Whether the condition is to match the pattern or not, i.e. include or exclude matches. Example: true - `new.lastUpdatedTimestamp` (integer, required) When the rule was last updated, formatted as a UNIX timestamp (in seconds). Example: 1698604061 - `new.settings` (object) The settings for the control. ## Response 2XX fields