Skip to main content
External rules let you register rule identifiers from third-party vendors (Chainalysis, TRM Labs, Sardine, etc.) as named entities within Corsa. When an alert arrives from a vendor integration, Corsa matches it against your registered external rules to surface rule names and descriptions in the compliance UI. Full API endpoint details are available in the API Reference (requires API credentials).
All SDK examples assume you have initialized the Corsa client as shown in the Node.js SDK Configuration or Python SDK Configuration guide.

Overview

When a third-party vendor (such as Chainalysis or TRM Labs) fires an alert, it includes a vendor-specific rule ID. Without external rules configured, analysts see a raw ID. By registering your external rules in Corsa, alerts from your vendors display human-readable names and descriptions instead. External rules have the same lifecycle as internal rules — draft, active, disabled — and appear alongside internal rules in the Corsa UI.
The vendorName field cannot be set to Corsa — that value is reserved for rules authored inside the platform.

Create an External Rule

Endpoint: POST /v1/external-rules
POST /v1/external-rules
Content-Type: application/json

{
  "name": "High-Risk Wallet Exposure",
  "description": "Flags transactions involving wallets with high-risk exposure scores from Chainalysis",
  "vendorName": "Chainalysis",
  "externalRuleId": "rule_chainalysis_high_risk_001"
}
const rule = await corsa.externalRules.createExternalRule({
  name: "High-Risk Wallet Exposure",
  description: "Flags transactions involving wallets with high-risk exposure scores from Chainalysis",
  vendorName: "Chainalysis",
  externalRuleId: "rule_chainalysis_high_risk_001",
});
from corsa_sdk.api.external_rules.create_external_rule import _get_kwargs
from corsa_sdk.models.create_external_rule_dto import CreateExternalRuleDto

resp = http.request(**_get_kwargs(
    body=CreateExternalRuleDto(
        name="High-Risk Wallet Exposure",
        description="Flags transactions involving wallets with high-risk exposure scores from Chainalysis",
        vendor_name="Chainalysis",
        external_rule_id="rule_chainalysis_high_risk_001",
    ),
))
rule = resp.json()

Request Fields

FieldRequiredDescription
nameYesHuman-readable rule name shown in the Corsa UI
vendorNameYesName of the vendor providing this rule (e.g. Chainalysis, TRM Labs)
descriptionNoExplanation of what the rule detects
externalRuleIdNoThe rule’s identifier in the vendor’s system — used to match incoming alerts

List External Rules

Endpoint: GET /v1/external-rules Returns a paginated list of all external rules for the platform.
GET /v1/external-rules?page=1&limit=20
const rules = await corsa.externalRules.listExternalRules({ page: 1, limit: 20 });
from corsa_sdk.api.external_rules.list_external_rules import _get_kwargs

resp = http.request(**_get_kwargs(page=1, limit=20))
rules = resp.json()

Filter by Vendor

Use the GET /v1/external-rules/vendors endpoint to retrieve the distinct vendor names in use — useful for building filter UIs or auditing which vendors have rules registered.
REST API
GET /v1/external-rules/vendors

Get an External Rule

Endpoint: GET /v1/external-rules/{id}
GET /v1/external-rules/rule_abc123
const rule = await corsa.externalRules.getExternalRule("rule_abc123");
from corsa_sdk.api.external_rules.get_external_rule import _get_kwargs

resp = http.request(**_get_kwargs(id="rule_abc123"))
rule = resp.json()

Update an External Rule

Endpoint: PUT /v1/external-rules/{id} All fields are optional — only include the fields you want to change.
PUT /v1/external-rules/rule_abc123
Content-Type: application/json

{
  "name": "High-Risk Wallet Exposure (Updated)",
  "description": "Updated description after Chainalysis rule definition change"
}
const updated = await corsa.externalRules.updateExternalRule("rule_abc123", {
  name: "High-Risk Wallet Exposure (Updated)",
  description: "Updated description after Chainalysis rule definition change",
});
from corsa_sdk.api.external_rules.update_external_rule import _get_kwargs
from corsa_sdk.models.update_external_rule_dto import UpdateExternalRuleDto

resp = http.request(**_get_kwargs(
    id="rule_abc123",
    body=UpdateExternalRuleDto(
        name="High-Risk Wallet Exposure (Updated)",
        description="Updated description after Chainalysis rule definition change",
    ),
))
updated = resp.json()

Delete an External Rule

Endpoint: DELETE /v1/external-rules/{id} Soft-deletes the rule. The rule is removed from active matching but its history is preserved for audit purposes.
DELETE /v1/external-rules/rule_abc123
await corsa.externalRules.deleteExternalRule("rule_abc123");
from corsa_sdk.api.external_rules.delete_external_rule import _get_kwargs

http.request(**_get_kwargs(id="rule_abc123"))

Rule Response Object

{
  "id": "rule_abc123",
  "version": 1,
  "status": "active",
  "isExternalRule": true,
  "name": "High-Risk Wallet Exposure",
  "description": "Flags transactions involving wallets with high-risk exposure scores from Chainalysis",
  "vendorName": "Chainalysis",
  "externalRuleId": "rule_chainalysis_high_risk_001",
  "createdBy": "user_xyz",
  "createdAt": "2024-01-15T10:00:00Z"
}