Update an existing rule
PUT {{baseUrl}}/api/v2/security_monitoring/rules/:rule_id
Update an existing rule. When updating cases, queries or options, the whole field
must be included. For example, when modifying a query all queries must be included.
Default rules can only be updated to be enabled and to change notifications.
Request Body
{"cases"=>[{"condition"=>"<string>", "name"=>"<string>", "notifications"=>["<string>", "<string>"], "status"=>"low"}, {"condition"=>"<string>", "name"=>"<string>", "notifications"=>["<string>", "<string>"], "status"=>"info"}], "complianceSignalOptions"=>{"defaultActivationStatus"=>"<boolean>", "defaultGroupByFields"=>["<string>", "<string>"], "userActivationStatus"=>"<boolean>", "userGroupByFields"=>["<string>", "<string>"]}, "filters"=>[{"action"=>"require", "query"=>"<string>"}, {"action"=>"suppress", "query"=>"<string>"}], "hasExtendedTitle"=>"<boolean>", "isEnabled"=>"<boolean>", "message"=>"<string>", "name"=>"<string>", "options"=>{"complianceRuleOptions"=>{"complexRule"=>"<boolean>", "regoRule"=>{"policy"=>"<string>", "resourceTypes"=>["<string>", "<string>"]}, "resourceType"=>"<string>"}, "decreaseCriticalityBasedOnEnv"=>"<boolean>", "detectionMethod"=>"threshold", "evaluationWindow"=>7200, "hardcodedEvaluatorType"=>"log4shell", "impossibleTravelOptions"=>{"baselineUserLocations"=>"<boolean>"}, "keepAlive"=>600, "maxSignalDuration"=>900, "newValueOptions"=>{"forgetAfter"=>2, "learningDuration"=>0, "learningMethod"=>"duration", "learningThreshold"=>0}, "thirdPartyRuleOptions"=>{"defaultNotifications"=>["<string>", "<string>"], "defaultStatus"=>"high", "rootQueries"=>[{"groupByFields"=>["<string>", "<string>"], "query"=>"<string>"}, {"groupByFields"=>["<string>", "<string>"], "query"=>"<string>"}], "signalTitleTemplate"=>"<string>"}}, "queries"=>[{"aggregation"=>"max", "distinctFields"=>["<string>", "<string>"], "groupByFields"=>["<string>", "<string>"], "hasOptionalGroupByFields"=>"<boolean>", "metric"=>"<string>", "metrics"=>["<string>", "<string>"], "name"=>"<string>", "query"=>"<string>"}, {"aggregation"=>"none", "distinctFields"=>["<string>", "<string>"], "groupByFields"=>["<string>", "<string>"], "hasOptionalGroupByFields"=>"<boolean>", "metric"=>"<string>", "metrics"=>["<string>", "<string>"], "name"=>"<string>", "query"=>"<string>"}], "tags"=>["<string>", "<string>"], "thirdPartyCases"=>[{"name"=>"<string>", "notifications"=>["<string>", "<string>"], "query"=>"<string>", "status"=>"critical"}, {"name"=>"<string>", "notifications"=>["<string>", "<string>"], "query"=>"<string>", "status"=>"info"}], "version"=>"<integer>"}
HEADERS
| Key | Datatype | Required | Description |
|---|---|---|---|
Content-Type | string | ||
Accept | string |
RESPONSES
status: OK
{"cases":[{"condition":"\u003cstring\u003e","name":"\u003cstring\u003e","notifications":["\u003cstring\u003e","\u003cstring\u003e"],"status":"low"},{"condition":"\u003cstring\u003e","name":"\u003cstring\u003e","notifications":["\u003cstring\u003e","\u003cstring\u003e"],"status":"info"}],"complianceSignalOptions":{"defaultActivationStatus":"\u003cboolean\u003e","defaultGroupByFields":["\u003cstring\u003e","\u003cstring\u003e"],"userActivationStatus":"\u003cboolean\u003e","userGroupByFields":["\u003cstring\u003e","\u003cstring\u003e"]},"createdAt":"\u003clong\u003e","creationAuthorId":"\u003clong\u003e","deprecationDate":"\u003clong\u003e","filters":[{"action":"require","query":"\u003cstring\u003e"},{"action":"require","query":"\u003cstring\u003e"}],"hasExtendedTitle":"\u003cboolean\u003e","id":"\u003cstring\u003e","isDefault":"\u003cboolean\u003e","isDeleted":"\u003cboolean\u003e","isEnabled":"\u003cboolean\u003e","message":"\u003cstring\u003e","name":"\u003cstring\u003e","options":{"complianceRuleOptions":{"complexRule":"\u003cboolean\u003e","regoRule":{"policy":"\u003cstring\u003e","resourceTypes":["\u003cstring\u003e","\u003cstring\u003e"]},"resourceType":"\u003cstring\u003e","ea_a":{},"auted":{},"fugiat1":{}},"decreaseCriticalityBasedOnEnv":"\u003cboolean\u003e","detectionMethod":"threshold","evaluationWindow":0,"hardcodedEvaluatorType":"log4shell","impossibleTravelOptions":{"baselineUserLocations":"\u003cboolean\u003e"},"keepAlive":3600,"maxSignalDuration":900,"newValueOptions":{"forgetAfter":28,"learningDuration":0,"learningMethod":"duration","learningThreshold":0},"thirdPartyRuleOptions":{"defaultNotifications":["\u003cstring\u003e","\u003cstring\u003e"],"defaultStatus":"medium","rootQueries":[{"groupByFields":["\u003cstring\u003e","\u003cstring\u003e"],"query":"\u003cstring\u003e"},{"groupByFields":["\u003cstring\u003e","\u003cstring\u003e"],"query":"\u003cstring\u003e"}],"signalTitleTemplate":"\u003cstring\u003e"}},"queries":[{"aggregation":"max","distinctFields":["\u003cstring\u003e","\u003cstring\u003e"],"groupByFields":["\u003cstring\u003e","\u003cstring\u003e"],"hasOptionalGroupByFields":"\u003cboolean\u003e","metric":"\u003cstring\u003e","metrics":["\u003cstring\u003e","\u003cstring\u003e"],"name":"\u003cstring\u003e","query":"\u003cstring\u003e"},{"aggregation":"geo_data","distinctFields":["\u003cstring\u003e","\u003cstring\u003e"],"groupByFields":["\u003cstring\u003e","\u003cstring\u003e"],"hasOptionalGroupByFields":"\u003cboolean\u003e","metric":"\u003cstring\u003e","metrics":["\u003cstring\u003e","\u003cstring\u003e"],"name":"\u003cstring\u003e","query":"\u003cstring\u003e"}],"tags":["\u003cstring\u003e","\u003cstring\u003e"],"thirdPartyCases":[{"name":"\u003cstring\u003e","notifications":["\u003cstring\u003e","\u003cstring\u003e"],"query":"\u003cstring\u003e","status":"critical"},{"name":"\u003cstring\u003e","notifications":["\u003cstring\u003e","\u003cstring\u003e"],"query":"\u003cstring\u003e","status":"low"}],"type":"cloud_configuration","updateAuthorId":"\u003clong\u003e","version":"\u003clong\u003e"}