Update policy

Prisma Cloud Code Security supports policy-as-code capabilities using YAML-based policy definition files to enable attribute and connection checks (composite checks).

To use the API request, add your token to the header. API supports both YAML and JSON configuration of Prisma Cloud Code Security custom policy schema)

This API request updates an existing Prisma Cloud Code Security custom policy. The API contains the fields to be edited. Any field not included in the request will remain unchanged. You can use this API request to add fields that were previously not configured. The output will be the id of updated policy. Use the example below as a reference for configuring the API request body.

Path Parameters

• policyId string required
  • the policy Id to update

application/json

Request Body required

• benchmarks object

  property name* object

  Array [

  string

  ]
• category CategoryType

  Possible values: [elasticsearch, general, iam, logging, monitoring, networking, public, secrets, serverless, storage, kubernetes, vulnerabilities, compute, vcs, buildIntegrity, licenses, alibabacloud]

• code object

  anyOf

  • PolicyDefinition
  • MOD2

  ---

  definition object required

  anyOf

  • AttributeQuery
  • ConnectionQuery
  • FilterQuery
  • ComplexQuery

  ---

  attribute string required

  cond_type string required

  Possible values: [attribute]

  operator AttributeOperator required

  Possible values: [within, equals, not_equals, regex_match, not_regex_match, greater_than, greater_than_or_equal, less_than, less_than_or_equal, exists, not_exists, contains, not_contains, starting_with, not_starting_with, ending_with, not_ending_with, jsonpath_equals, jsonpath_not_equals, jsonpath_exists, jsonpath_not_exists, subset, not_subset]

  resource_types object required

  anyOf

  • MOD1
  • MOD2

  ---

  Array [

  string

  ]

  string

  Possible values: [all]

  value object

  anyOf

  • MOD1
  • MOD2
  • MOD3

  ---

  string

  boolean

  Array [

  string

  ]

cond_type string required

Possible values: [connection]

connected_resource_types object required

anyOf

• MOD1
• MOD2

---

Array [

string

]

string

Possible values: [all]

operator string required

Possible values: [exists, not_exists]

resource_types object required

anyOf

• MOD1
• MOD2

---

Array [

string

]

string

Possible values: [all]

attribute string required

Possible values: [resource_type]

cond_type string required

Possible values: [filter]

operator string required

Possible values: [within]

value string[] required

and object[]

Array [

anyOf

• AttributeQuery
• ConnectionQuery
• FilterQuery

---

attribute string required

cond_type string required

Possible values: [attribute]

operator AttributeOperator required

Possible values: [within, equals, not_equals, regex_match, not_regex_match, greater_than, greater_than_or_equal, less_than, less_than_or_equal, exists, not_exists, contains, not_contains, starting_with, not_starting_with, ending_with, not_ending_with, jsonpath_equals, jsonpath_not_equals, jsonpath_exists, jsonpath_not_exists, subset, not_subset]

resource_types object required

anyOf

• MOD1
• MOD2

---

Array [

string

]

string

Possible values: [all]

value object

anyOf

• MOD1
• MOD2
• MOD3

---

string

boolean

Array [

string

]