External rules let you register rule identifiers from third-party vendors (Chainalysis, TRM Labs, Sardine, etc.) as named entities within Corsa. When an alert arrives from a vendor integration, Corsa matches it against your registered external rules to surface rule names and descriptions in the compliance UI.
Full API endpoint details are available in the API Reference (requires API credentials).
Overview
When a third-party vendor (such as Chainalysis or TRM Labs) fires an alert, it includes a vendor-specific rule ID. Without external rules configured, analysts see a raw ID. By registering your external rules in Corsa, alerts from your vendors display human-readable names and descriptions instead.
External rules have the same lifecycle as internal rules — draft, active, disabled — and appear alongside internal rules in the Corsa UI.
The vendorName field cannot be set to Corsa — that value is reserved for rules authored inside the platform.
Create an External Rule
Endpoint: POST /v1/external-rules
POST /v1/external-rules
Content-Type: application/json
{
"name": "High-Risk Wallet Exposure",
"description": "Flags transactions involving wallets with high-risk exposure scores from Chainalysis",
"vendorName": "Chainalysis",
"externalRuleId": "rule_chainalysis_high_risk_001"
}
const rule = await corsa.externalRules.createExternalRule({
name: "High-Risk Wallet Exposure",
description: "Flags transactions involving wallets with high-risk exposure scores from Chainalysis",
vendorName: "Chainalysis",
externalRuleId: "rule_chainalysis_high_risk_001",
});
from corsa_sdk.api.external_rules.create_external_rule import _get_kwargs
from corsa_sdk.models.create_external_rule_dto import CreateExternalRuleDto
resp = http.request(**_get_kwargs(
body=CreateExternalRuleDto(
name="High-Risk Wallet Exposure",
description="Flags transactions involving wallets with high-risk exposure scores from Chainalysis",
vendor_name="Chainalysis",
external_rule_id="rule_chainalysis_high_risk_001",
),
))
rule = resp.json()
Request Fields
| Field | Required | Description |
|---|
name | Yes | Human-readable rule name shown in the Corsa UI |
vendorName | Yes | Name of the vendor providing this rule (e.g. Chainalysis, TRM Labs) |
description | No | Explanation of what the rule detects |
externalRuleId | No | The rule’s identifier in the vendor’s system — used to match incoming alerts |
List External Rules
Endpoint: GET /v1/external-rules
Returns a paginated list of all external rules for the platform.
GET /v1/external-rules?page=1&limit=20
const rules = await corsa.externalRules.listExternalRules({ page: 1, limit: 20 });
from corsa_sdk.api.external_rules.list_external_rules import _get_kwargs
resp = http.request(**_get_kwargs(page=1, limit=20))
rules = resp.json()
Filter by Vendor
Use the GET /v1/external-rules/vendors endpoint to retrieve the distinct vendor names in use — useful for building filter UIs or auditing which vendors have rules registered.
GET /v1/external-rules/vendors
Get an External Rule
Endpoint: GET /v1/external-rules/{id}
GET /v1/external-rules/rule_abc123
const rule = await corsa.externalRules.getExternalRule("rule_abc123");
from corsa_sdk.api.external_rules.get_external_rule import _get_kwargs
resp = http.request(**_get_kwargs(id="rule_abc123"))
rule = resp.json()
Update an External Rule
Endpoint: PUT /v1/external-rules/{id}
All fields are optional — only include the fields you want to change.
PUT /v1/external-rules/rule_abc123
Content-Type: application/json
{
"name": "High-Risk Wallet Exposure (Updated)",
"description": "Updated description after Chainalysis rule definition change"
}
const updated = await corsa.externalRules.updateExternalRule("rule_abc123", {
name: "High-Risk Wallet Exposure (Updated)",
description: "Updated description after Chainalysis rule definition change",
});
from corsa_sdk.api.external_rules.update_external_rule import _get_kwargs
from corsa_sdk.models.update_external_rule_dto import UpdateExternalRuleDto
resp = http.request(**_get_kwargs(
id="rule_abc123",
body=UpdateExternalRuleDto(
name="High-Risk Wallet Exposure (Updated)",
description="Updated description after Chainalysis rule definition change",
),
))
updated = resp.json()
Delete an External Rule
Endpoint: DELETE /v1/external-rules/{id}
Soft-deletes the rule. The rule is removed from active matching but its history is preserved for audit purposes.
DELETE /v1/external-rules/rule_abc123
await corsa.externalRules.deleteExternalRule("rule_abc123");
from corsa_sdk.api.external_rules.delete_external_rule import _get_kwargs
http.request(**_get_kwargs(id="rule_abc123"))
Rule Response Object
{
"id": "rule_abc123",
"version": 1,
"status": "active",
"isExternalRule": true,
"name": "High-Risk Wallet Exposure",
"description": "Flags transactions involving wallets with high-risk exposure scores from Chainalysis",
"vendorName": "Chainalysis",
"externalRuleId": "rule_chainalysis_high_risk_001",
"createdBy": "user_xyz",
"createdAt": "2024-01-15T10:00:00Z"
}