Qodex.ai

Update Bypass Rule Configs

PUT {{cb_url}}/policyservice/v1/orgs/{{cb_org_key}}/policies/{{cb_policy_id}}/rule_configs/bypass

Update parameters for bypass rule configs.

RBAC PERMISSIONS REQUIRED

Permission (.notation name)Operation(s)
org.policiesUPDATE

Request Schema

{
  "id": "string",
  "name": "string",
  "description": "string",
  "inherited_from": "string",
  "category": "string",
  "parameters": {},
  "exclusions": {
    "windows": [
      {
        "id": integer,
        "criteria": [
          {
            "id": integer,
            "type": "string",
            "attributes": [
              {
                "id": integer,
                "name": "string",
                "values": [
                  "string"
                ]
              }
            ]
          }
        ],
        "comments": "string",
        "created_by": "string",
        "created_at": "string",
        "modified_by": "string",
        "modified_at": "string",
        "apply_to_descendent_processes": bool,
        "type": "string"
      }
    ]
  }
}

See Documentation

Request Body

{"id"=>"1c03d653-eca4-4adc-81a1-04b17b6cbffc", "name"=>"Event Reporting and Sensor Operation Exclusions", "description"=>"Allows customers to exclude specific processes and process events from reporting to CBC", "inherited_from"=>"psc:region", "category"=>"bypass", "parameters"=>{}, "exclusions"=>{"windows"=>[{"criteria"=>[{"type"=>"initiator_process", "attributes"=>[{"name"=>"process_name", "values"=>["**\\explorer.exe"]}]}, {"type"=>"operation", "attributes"=>[{"name"=>"operation_type", "values"=>["ALL"]}]}], "comments"=>"", "apply_to_descendent_processes"=>true, "type"=>"ENDPOINT_STANDARD_PROCESS_BYPASS"}]}}

RESPONSES

status: OK

{"successful":[{"id":"1c03d653-eca4-4adc-81a1-04b17b6cbffc","name":"Event Reporting and Sensor Operation Exclusions","description":"Allows customers to exclude specific processes and process events from reporting to CBC","inherited_from":"psc:region","category":"bypass","exclusions":{"windows":[{"id":8124,"criteria":[{"id":13490,"type":"initiator_process","attributes":[{"id":94234,"name":"process_name","values":["**\\explorer.exe"]}]},{"id":13491,"type":"operation","attributes":[{"id":94235,"name":"operation_type","values":["ALL"]}]}],"comments":"","type":"ENDPOINT_STANDARD_PROCESS_BYPASS","apply_to_descendent_processes":true,"created_by":"ABCD1234","created_at":"2024-01-28T15:35:01.153Z","modified_by":"ABCD1234","modified_at":"2024-01-28T15:35:01.153Z"},{"id":8125,"criteria":[{"id":13492,"type":"initiator_process","attributes":[{"id":94236,"name":"process_name","values":["**\\powershell.exe"]}]},{"id":13493,"type":"operation","attributes":[{"id":94237,"name":"operation_type","values":["ALL"]}]}],"comments":"","type":"EVENT_REPORTING_AND_SENSOR_OPERATIONS","apply_to_descendent_processes":true,"created_by":"ABCD1234","created_at":"2024-01-28T15:35:01.163Z","modified_by":"ABCD1234","modified_at":"2024-01-28T15:35:01.163Z"}]}}],"failed":[]}