Update Custom Rule

PUT /api/v32.03/custom-rules/:id

x-prisma-cloud-target-env: {"permission":"policyCustomRules","saas":true,"self-hosted":true}
x-public: true

UpdateCustomRule creates or edits a custom rule.

Request

Path Parameters

    id string required

Body

    _id integer

    Rule ID. Must be unique.

    attackTechniques mitre.Technique[]

    Possible values: [exploitationForPrivilegeEscalation,exploitPublicFacingApplication,applicationExploitRCE,networkServiceScanning,endpointDenialOfService,exfiltrationGeneral,systemNetworkConfigurationDiscovery,unsecuredCredentials,credentialDumping,systemInformationDiscovery,systemNetworkConnectionDiscovery,systemUserDiscovery,accountDiscovery,cloudInstanceMetadataAPI,accessKubeletMainAPI,queryKubeletReadonlyAPI,accessKubernetesAPIServer,softwareDeploymentTools,ingressToolTransfer,lateralToolTransfer,commandAndControlGeneral,resourceHijacking,manInTheMiddle,nativeBinaryExecution,foreignBinaryExecution,createAccount,accountManipulation,abuseElevationControlMechanisms,supplyChainCompromise,obfuscatedFiles,hijackExecutionFlow,impairDefences,scheduledTaskJob,exploitationOfRemoteServices,eventTriggeredExecution,accountAccessRemoval,privilegedContainer,writableVolumes,execIntoContainer,softwareDiscovery,createContainer,kubernetesSecrets,fileAndDirectoryDiscovery,masquerading,webShell,compileAfterDelivery]

    List of attack techniques.

    description string

    Description of the rule.

    message string

    Macro that is printed as part of the audit/incident message.

    minVersion string

    Minimum version required to support the rule.

    modified int64

    Datetime when the rule was created or last modified.

    name string

    Name of the rule.

    owner string

    User who created or modified the rule.

    script string

    Custom script.

    type customrules.Type

    Possible values: [processes,filesystem,network-outgoing,kubernetes-audit,waas-request,waas-response]

    Type of the custom rule.

    vulnIDs string[]

    List of vulnerability IDs.
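
A client-side pre-flight check for the request body described above, as an added example (not Prisma Cloud's own code): it rejects unknown field names, wrong types and undocumented `type` or `attackTechniques` values, then builds the PUT request without sending it. The console URL and any authentication headers are assumptions supplied by the caller.

```python
import json
import urllib.request

# Field names, types and enum values are copied from the schema on this page.
FIELDS = {"_id": int, "attackTechniques": list, "description": str, "message": str,
          "minVersion": str, "modified": int, "name": str, "owner": str,
          "script": str, "type": str, "vulnIDs": list}
RULE_TYPES = {"processes", "filesystem", "network-outgoing", "kubernetes-audit",
              "waas-request", "waas-response"}
TECHNIQUES = set("""
exploitationForPrivilegeEscalation exploitPublicFacingApplication applicationExploitRCE
networkServiceScanning endpointDenialOfService exfiltrationGeneral unsecuredCredentials
systemNetworkConfigurationDiscovery credentialDumping systemInformationDiscovery accountDiscovery
systemNetworkConnectionDiscovery systemUserDiscovery cloudInstanceMetadataAPI accessKubeletMainAPI
queryKubeletReadonlyAPI accessKubernetesAPIServer softwareDeploymentTools ingressToolTransfer
lateralToolTransfer commandAndControlGeneral resourceHijacking manInTheMiddle nativeBinaryExecution
foreignBinaryExecution createAccount accountManipulation abuseElevationControlMechanisms
supplyChainCompromise obfuscatedFiles hijackExecutionFlow impairDefences scheduledTaskJob
exploitationOfRemoteServices eventTriggeredExecution accountAccessRemoval privilegedContainer
writableVolumes execIntoContainer softwareDiscovery createContainer kubernetesSecrets
fileAndDirectoryDiscovery masquerading webShell compileAfterDelivery
""".split())


def validate_rule(rule):
    """Return a list of problems found in a custom-rule body (empty list = OK)."""
    errors = []
    for key, value in rule.items():
        expected = FIELDS.get(key)
        if expected is None:
            errors.append(f"unknown field: {key}")  # catches typos such as 'vulnIds'
        elif isinstance(value, bool) or not isinstance(value, expected):
            errors.append(f"{key}: expected {expected.__name__}")
    if isinstance(rule.get("type"), str) and rule["type"] not in RULE_TYPES:
        errors.append(f"type: {rule['type']!r} is not a documented value")
    techniques = rule.get("attackTechniques")
    for t in techniques if isinstance(techniques, list) else []:
        if not isinstance(t, str) or t not in TECHNIQUES:
            errors.append(f"attackTechniques: {t!r} is not a documented value")
    return errors


def build_request(console_url, rule_id, rule, headers=None):
    """Build (without sending) the PUT request; raise ValueError on a bad body."""
    if errors := validate_rule(rule):
        raise ValueError("; ".join(errors))
    url = f"{console_url.rstrip('/')}/api/v32.03/custom-rules/{rule_id}"
    hdrs = {"Content-Type": "application/json", **(headers or {})}
    return urllib.request.Request(url, data=json.dumps(rule).encode(), method="PUT", headers=hdrs)
```
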

Responses

OK