Update Host Compliance Policy

PUT 
/api/v32.07/policies/compliance/host

x-prisma-cloud-target-env: {"permission":"policyHosts"}

Updates the compliance policy for hosts protected by Defender. All rules in the policy are updated in a single shot.

This endpoint maps to the policy table in Defend > Compliance > Hosts > Running hosts in the Console UI.

To construct an effective rule for this policy, specify at least one "check" and one effect value. See How to Construct a Compliance Policy for more info.

For a full list of checks, go to Defend > Compliance > Hosts > Running Hosts in the Console UI and create a new rule. All prebuilt checks and their IDs are shown under Compliance actions.

cURL Request

Refer tp the following example cURL command that overwrites all rules in your current policy with a new policy that has a single rule:

$ curl 'https://<CONSOLE>/api/v<VERSION>/policies/compliance/host' \
  -k \
  -X PUT \
  -u <USER> \
  -H 'Content-Type: application/json' \
  -d \
'{
   "rules":[
      {
         "name":"my-rule",
         "effect":"alert",
         "collections":[
            {
               "name":"All"
            }
         ],
         "condition":{
            "vulnerabilities":[
               {
                  "id":6151,
                  "block":false
               }
            ]
         }
      }
   ],
   "policyType":"hostCompliance"
}'

Note: No response will be returned upon successful execution.

Request

application/json

Body

_id string

Internal identifier.

policyType common.PolicyType (string)

Possible values: [containerVulnerability,containerCompliance,ciImagesVulnerability,ciImagesCompliance,hostVulnerability,hostCompliance,vmVulnerability,vmCompliance,serverlessCompliance,ciServerlessCompliance,serverlessVulnerability,ciServerlessVulnerability,containerRuntime,appEmbeddedRuntime,containerAppFirewall,hostAppFirewall,outOfBandAppFirewall,agentlessAppFirewall,serverObserverAppFirewall,appEmbeddedAppFirewall,serverlessAppFirewall,networkFirewall,secrets,hostRuntime,serverlessRuntime,kubernetesAudit,trust,admission,codeRepoCompliance,ciCodeRepoCompliance,ciCodeRepoVulnerability,codeRepoVulnerability]

PolicyType represents the type of the policy

rules object[]
Rules holds all policy rules.
Array [
action string (string)[]
Action to take.
alertThreshold object
AlertThreshold is the vulnerability policy alert threshold Threshold values typically vary between 0 and 10 (noninclusive)
disabled boolean
Suppresses alerts for all vulnerabilities (true).
value float
Minimum severity to trigger alerts. Supported values range from 0 to 9, where 0=off, 1=low, 4=medium, 7=high, and 9=critical.
allCompliance boolean
Reports the results of all compliance checks (both passed and failed) (true).
auditAllowed boolean
Specifies if Prisma Cloud audits successful transactions.
blockMsg common.PolicyBlockMsg (string)
PolicyBlockMsg represent the block message in a Policy
blockThreshold object
BlockThreshold is the vulnerability policy block threshold Threshold values typically vary between 0 and 10 (noninclusive)
enabled boolean
Enables blocking (true).
value float
Minimum severity to trigger blocking. Supported values range from 0 to 9, where 0=off, 1=low, 4=medium, 7=high, and 9=critical.
collections object[]
List of collections. Used to scope the rule.
Array [
accountIDs string (string)[]
List of account IDs.
appIDs string (string)[]
List of application IDs.
clusters string (string)[]
List of Kubernetes cluster names.
color common.Color (string)
Color is a hexadecimal representation of color code value
containers string (string)[]
List of containers.
description string
Free-form text.
functions string (string)[]
List of functions.
hosts string (string)[]
List of hosts.
images string (string)[]
List of images.
labels string (string)[]
List of labels.
modified date-time
Datetime when the collection was last modified.
name string
Collection name. Must be unique.
namespaces string (string)[]
List of Kubernetes namespaces.
owner string
User who created or last modified the collection.
prisma boolean
Indicates whether this collection originates from Prisma Cloud.
system boolean
Indicates whether this collection was created by the system (i.e., a non user) (true) or a real user (false).
]
condition object
Conditions contains rule conditions. Conditions apply only for their respective policy type
device string
Allowed volume host device (wildcard). If a "container create" command specifies a non matching host device, th action is blocked. Only applies to rules in certain policy types.
readonly boolean
Indicates if the condition applies only to read-only commands (i.e., HTTP GET requests) (true) or not (false).
vulnerabilities object[]
Block and scan severity-based vulnerabilities conditions.
Array [
block boolean
Specifies the effect. If true, the effect is block.
id integer
Vulnerability ID.
]
createPR boolean
CreatePR indicates whether to create a pull request for vulnerability fixes (relevant for code repos).
cveRules object[]
List of CVE IDs classified for special handling (also known as exceptions).
Array [
description string
Free-form text for documenting the exception.
effect vuln.Effect (string)
Possible values: [ignore,alert,block]
Effect specifies relevant action for a vulnerability
expiration object
ExpirationDate is the vulnerability expiration date
date date-time
Date is the vulnerability expiration date.
enabled boolean
Enabled indicates that the grace period is enabled.
id string
CVE ID.
]
disabled boolean
Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).
effect common.PolicyEffect (string)
Possible values: [allow,deny,block,alert]
PolicyEffect state the effect of evaluating the given policy
excludeBaseImageVulns boolean
ExcludeBaseImageVulns indicates whether to exclude vulnerabilities coming from the base image.
graceDays integer
Number of days to suppress the rule's block effect. Measured from date the vuln was fixed. If there's no fix, measured from the date the vuln was published.
graceDaysPolicy object
GraceDaysPolicy indicates the grace days policy by severity
critical integer
.
enabled boolean
Enabled is an indication whether the the grace days by severity is enabled.
high integer
.
low integer
.
medium integer
.
group string (string)[]
Applicable groups.
license object
LicenseConfig is the compliance policy license configuration
alertThreshold object
LicenseThreshold is the license severity threshold to indicate whether to perform an action (alert/block) Threshold values typically vary between 0 and 10 (noninclusive)
enabled boolean
Enabled indicates that the action is enabled.
value float
Value is the minimum severity score for which the action is enabled.
blockThreshold object
LicenseThreshold is the license severity threshold to indicate whether to perform an action (alert/block) Threshold values typically vary between 0 and 10 (noninclusive)
enabled boolean
Enabled indicates that the action is enabled.
value float
Value is the minimum severity score for which the action is enabled.
critical string (string)[]
Critical is the list of licenses with critical severity.
high string (string)[]
High is the list of licenses with high severity.
low string (string)[]
Low is the list of licenses with low severity.
medium string (string)[]
Medium is the list of licenses with medium severity.
modified date-time
Specifies the date and time when the rule was last modified.
name string
Name of the rule.
notes string
Describes any noteworthy points for a rule. You can include any text.
onlyFixed boolean
Applies rule only when vendor fixes are available (true).
owner string
User who created or last modified the rule.
pkgTypesThresholds object[]
PkgTypesThresholds holds package type specific alert and block thresholds.
Array [
alertThreshold object
AlertThreshold is the vulnerability policy alert threshold Threshold values typically vary between 0 and 10 (noninclusive)
disabled boolean
Suppresses alerts for all vulnerabilities (true).
value float
Minimum severity to trigger alerts. Supported values range from 0 to 9, where 0=off, 1=low, 4=medium, 7=high, and 9=critical.
blockThreshold object
BlockThreshold is the vulnerability policy block threshold Threshold values typically vary between 0 and 10 (noninclusive)
enabled boolean
Enables blocking (true).
value float
Minimum severity to trigger blocking. Supported values range from 0 to 9, where 0=off, 1=low, 4=medium, 7=high, and 9=critical.
type packages.Type (string)
Possible values: [nodejs,gem,python,jar,package,windows,binary,nuget,go,app,unknown]
Type describes the package type
]
previousName string
Previous name of the rule. Required for rule renaming.
principal string (string)[]
Applicable users.
riskFactorsEffects object[]
RiskFactorsEffects indicates the effect (alert/block) of each risk factor.
Array [
effect vuln.Effect (string)
Possible values: [ignore,alert,block]
Effect specifies relevant action for a vulnerability
riskFactor vulnerability.RiskFactor (string)
Possible values: [Critical severity,High severity,Medium severity,Has fix,Remote execution,DoS - Low,DoS - High,Recent vulnerability,Exploit exists - in the wild,Exploit exists - POC,Attack complexity: low,Attack vector: network,Reachable from the internet,Listening ports,Container is running as root,No mandatory security profile applied,Running as privileged container,Package in use,Sensitive information,Root mount,Runtime socket,Host access]
RiskFactor represents a vulnerability risk factor, used in determining a vulnerability risk score
]
tags object[]
List of tags classified for special handling (also known as exceptions).
Array [
description string
Free-form text for documenting the exception.
effect vuln.Effect (string)
Possible values: [ignore,alert,block]
Effect specifies relevant action for a vulnerability
expiration object
ExpirationDate is the vulnerability expiration date
date date-time
Date is the vulnerability expiration date.
enabled boolean
Enabled indicates that the grace period is enabled.
name string
Tag name.
]
verbose boolean
Displays a detailed message when an operation is blocked (true).
]

Responses

200

OK

default

Loading...