Create a detection rule
POST {{baseUrl}}/api/v2/security_monitoring/rules
Create a detection rule.
Request Body
{"name"=>"<string>", "isEnabled"=>"<boolean>", "queries"=>[{"aggregation"=>"max", "distinctFields"=>["<string>", "<string>"], "groupByFields"=>["<string>", "<string>"], "hasOptionalGroupByFields"=>"<boolean>", "metric"=>"<string>", "metrics"=>["<string>", "<string>"], "name"=>"<string>", "query"=>"<string>"}, {"aggregation"=>"geo_data", "distinctFields"=>["<string>", "<string>"], "groupByFields"=>["<string>", "<string>"], "hasOptionalGroupByFields"=>"<boolean>", "metric"=>"<string>", "metrics"=>["<string>", "<string>"], "name"=>"<string>", "query"=>"<string>"}], "options"=>{"complianceRuleOptions"=>{"complexRule"=>"<boolean>", "regoRule"=>{"policy"=>"<string>", "resourceTypes"=>["<string>", "<string>"]}, "resourceType"=>"<string>"}, "decreaseCriticalityBasedOnEnv"=>"<boolean>", "detectionMethod"=>"third_party", "evaluationWindow"=>600, "hardcodedEvaluatorType"=>"log4shell", "impossibleTravelOptions"=>{"baselineUserLocations"=>"<boolean>"}, "keepAlive"=>300, "maxSignalDuration"=>900, "newValueOptions"=>{"forgetAfter"=>7, "learningDuration"=>0, "learningMethod"=>"duration", "learningThreshold"=>0}, "thirdPartyRuleOptions"=>{"defaultNotifications"=>["<string>", "<string>"], "defaultStatus"=>"low", "rootQueries"=>[{"groupByFields"=>["<string>", "<string>"], "query"=>"<string>"}, {"groupByFields"=>["<string>", "<string>"], "query"=>"<string>"}], "signalTitleTemplate"=>"<string>"}}, "cases"=>[{"status"=>"medium", "condition"=>"<string>", "name"=>"<string>", "notifications"=>["<string>", "<string>"]}, {"status"=>"critical", "condition"=>"<string>", "name"=>"<string>", "notifications"=>["<string>", "<string>"]}], "message"=>"<string>", "filters"=>[{"action"=>"require", "query"=>"<string>"}, {"action"=>"suppress", "query"=>"<string>"}], "hasExtendedTitle"=>"<boolean>", "tags"=>["<string>", "<string>"], "thirdPartyCases"=>[{"status"=>"critical", "name"=>"<string>", "notifications"=>["<string>", "<string>"], "query"=>"<string>"}, {"status"=>"info", "name"=>"<string>", "notifications"=>["<string>", "<string>"], "query"=>"<string>"}], "type"=>"log_detection"}
HEADERS
| Key | Datatype | Required | Description |
|---|---|---|---|
Content-Type | string | ||
Accept | string |
RESPONSES
status: OK
{"cases":[{"condition":"\u003cstring\u003e","name":"\u003cstring\u003e","notifications":["\u003cstring\u003e","\u003cstring\u003e"],"status":"low"},{"condition":"\u003cstring\u003e","name":"\u003cstring\u003e","notifications":["\u003cstring\u003e","\u003cstring\u003e"],"status":"info"}],"complianceSignalOptions":{"defaultActivationStatus":"\u003cboolean\u003e","defaultGroupByFields":["\u003cstring\u003e","\u003cstring\u003e"],"userActivationStatus":"\u003cboolean\u003e","userGroupByFields":["\u003cstring\u003e","\u003cstring\u003e"]},"createdAt":"\u003clong\u003e","creationAuthorId":"\u003clong\u003e","deprecationDate":"\u003clong\u003e","filters":[{"action":"require","query":"\u003cstring\u003e"},{"action":"require","query":"\u003cstring\u003e"}],"hasExtendedTitle":"\u003cboolean\u003e","id":"\u003cstring\u003e","isDefault":"\u003cboolean\u003e","isDeleted":"\u003cboolean\u003e","isEnabled":"\u003cboolean\u003e","message":"\u003cstring\u003e","name":"\u003cstring\u003e","options":{"complianceRuleOptions":{"complexRule":"\u003cboolean\u003e","regoRule":{"policy":"\u003cstring\u003e","resourceTypes":["\u003cstring\u003e","\u003cstring\u003e"]},"resourceType":"\u003cstring\u003e","ea_a":{},"auted":{},"fugiat1":{}},"decreaseCriticalityBasedOnEnv":"\u003cboolean\u003e","detectionMethod":"threshold","evaluationWindow":0,"hardcodedEvaluatorType":"log4shell","impossibleTravelOptions":{"baselineUserLocations":"\u003cboolean\u003e"},"keepAlive":3600,"maxSignalDuration":900,"newValueOptions":{"forgetAfter":28,"learningDuration":0,"learningMethod":"duration","learningThreshold":0},"thirdPartyRuleOptions":{"defaultNotifications":["\u003cstring\u003e","\u003cstring\u003e"],"defaultStatus":"medium","rootQueries":[{"groupByFields":["\u003cstring\u003e","\u003cstring\u003e"],"query":"\u003cstring\u003e"},{"groupByFields":["\u003cstring\u003e","\u003cstring\u003e"],"query":"\u003cstring\u003e"}],"signalTitleTemplate":"\u003cstring\u003e"}},"queries":[{"aggregation":"max","distinctFields":["\u003cstring\u003e","\u003cstring\u003e"],"groupByFields":["\u003cstring\u003e","\u003cstring\u003e"],"hasOptionalGroupByFields":"\u003cboolean\u003e","metric":"\u003cstring\u003e","metrics":["\u003cstring\u003e","\u003cstring\u003e"],"name":"\u003cstring\u003e","query":"\u003cstring\u003e"},{"aggregation":"geo_data","distinctFields":["\u003cstring\u003e","\u003cstring\u003e"],"groupByFields":["\u003cstring\u003e","\u003cstring\u003e"],"hasOptionalGroupByFields":"\u003cboolean\u003e","metric":"\u003cstring\u003e","metrics":["\u003cstring\u003e","\u003cstring\u003e"],"name":"\u003cstring\u003e","query":"\u003cstring\u003e"}],"tags":["\u003cstring\u003e","\u003cstring\u003e"],"thirdPartyCases":[{"name":"\u003cstring\u003e","notifications":["\u003cstring\u003e","\u003cstring\u003e"],"query":"\u003cstring\u003e","status":"critical"},{"name":"\u003cstring\u003e","notifications":["\u003cstring\u003e","\u003cstring\u003e"],"query":"\u003cstring\u003e","status":"low"}],"type":"cloud_configuration","updateAuthorId":"\u003clong\u003e","version":"\u003clong\u003e"}