Update Bypass Rule Configs
PUT {{cb_url}}/policyservice/v1/orgs/{{cb_org_key}}/policies/{{cb_policy_id}}/rule_configs/bypass
Update parameters for bypass rule configs.
RBAC PERMISSIONS REQUIRED
Permission (.notation name) | Operation(s) |
---|---|
org.policies | UPDATE |
Request Schema
{
"id": "string",
"name": "string",
"description": "string",
"inherited_from": "string",
"category": "string",
"parameters": {},
"exclusions": {
"windows": [
{
"id": integer,
"criteria": [
{
"id": integer,
"type": "string",
"attributes": [
{
"id": integer,
"name": "string",
"values": [
"string"
]
}
]
}
],
"comments": "string",
"created_by": "string",
"created_at": "string",
"modified_by": "string",
"modified_at": "string",
"apply_to_descendent_processes": bool,
"type": "string"
}
]
}
}
Request Body
{"id"=>"1c03d653-eca4-4adc-81a1-04b17b6cbffc", "name"=>"Event Reporting and Sensor Operation Exclusions", "description"=>"Allows customers to exclude specific processes and process events from reporting to CBC", "inherited_from"=>"psc:region", "category"=>"bypass", "parameters"=>{}, "exclusions"=>{"windows"=>[{"criteria"=>[{"type"=>"initiator_process", "attributes"=>[{"name"=>"process_name", "values"=>["**\\explorer.exe"]}]}, {"type"=>"operation", "attributes"=>[{"name"=>"operation_type", "values"=>["ALL"]}]}], "comments"=>"", "apply_to_descendent_processes"=>true, "type"=>"ENDPOINT_STANDARD_PROCESS_BYPASS"}]}}
RESPONSES
status: OK
{"successful":[{"id":"1c03d653-eca4-4adc-81a1-04b17b6cbffc","name":"Event Reporting and Sensor Operation Exclusions","description":"Allows customers to exclude specific processes and process events from reporting to CBC","inherited_from":"psc:region","category":"bypass","exclusions":{"windows":[{"id":8124,"criteria":[{"id":13490,"type":"initiator_process","attributes":[{"id":94234,"name":"process_name","values":["**\\explorer.exe"]}]},{"id":13491,"type":"operation","attributes":[{"id":94235,"name":"operation_type","values":["ALL"]}]}],"comments":"","type":"ENDPOINT_STANDARD_PROCESS_BYPASS","apply_to_descendent_processes":true,"created_by":"ABCD1234","created_at":"2024-01-28T15:35:01.153Z","modified_by":"ABCD1234","modified_at":"2024-01-28T15:35:01.153Z"},{"id":8125,"criteria":[{"id":13492,"type":"initiator_process","attributes":[{"id":94236,"name":"process_name","values":["**\\powershell.exe"]}]},{"id":13493,"type":"operation","attributes":[{"id":94237,"name":"operation_type","values":["ALL"]}]}],"comments":"","type":"EVENT_REPORTING_AND_SENSOR_OPERATIONS","apply_to_descendent_processes":true,"created_by":"ABCD1234","created_at":"2024-01-28T15:35:01.163Z","modified_by":"ABCD1234","modified_at":"2024-01-28T15:35:01.163Z"}]}}],"failed":[]}