Add Policy
POST /policy
Adds a new policy.
The request to add a custom policy uses request body parameters that describe the following:
- General policy information, such as name, labels, and severity
- Whether or not the policy is enabled. If you don't specify a value for enabled when you add a policy, the default is enabled=true.
- A rule, which identifies a saved search that defines the policy constraints (i.e., an RQL query)
- Optional compliance standards
- Optional remediation details
The following are some examples of request body parameters for a request to add a policy. A new custom policy requires a saved search. Specify a saved search ID for the criteria request parameter. You can request a list of existing saved searches through the endpoint to View Search History.
Note that the request parameters to add a custom config policy require a cloudType. The requests for other policy types default to a cloudType of ALL.
The JSON below is an example of the minimal request body parameters you need to add a config policy:
{
  "cloudType": "aws",
  "name": "Config test policy",
  "policyType": "config",
  "rule": {
    "criteria": "e1234567-2798-4d1d-a1b0-52d60d49730b",
    "name": "test rule",
    "parameters": {
      "savedSearch": "true"
    },
    "type": "Config"
  },
  "severity": "low"
}
The JSON below is an example of the minimal request body parameters you need to add a network policy:
{
  "name": "test-network-policy",
  "policyType": "network",
  "severity": "medium",
  "rule": {
    "name": "test-network-rule",
    "criteria": "c1234567-3a02-4392-a228-327d0db3324d",
    "parameters": {
      "savedSearch": "true"
    },
    "type": "Network"
  }
}
The JSON below is an example of the minimal request body parameters you need to add an audit event policy:
{
  "name": "test-event-policy",
  "policyType": "audit_event",
  "rule": {
    "criteria": "91234567-087a-4318-a9b3-efe6041b87b1",
    "name": "test-rule1",
    "parameters": {
      "savedSearch": "true"
    },
    "type": "AuditEvent"
  },
  "severity": "low"
}
The JSON below is an example of the minimal request body parameters you need to add an IAM policy:
{
  "cloudType": "ALL",
  "name": "test-iam-policy",
  "policyType": "IAM",
  "rule": {
    "criteria": "71234567-7251-4d3b-9be1-cced127fd09d",
    "name": "test-iam",
    "parameters": {
      "savedSearch": "true"
    },
    "type": "IAM"
  },
  "severity": "medium"
}
The JSON below is an example of the minimal request body parameters you need to add a config policy that includes a compliance standard:
{
  "cloudType": "aws",
  "complianceMetadata": [
    {
      "standardName": "GDPR",
      "requirementId": "Chapter 1",
      "sectionId": "Article 1",
      "customAssigned": true,
      "complianceId": "91234567-7ddf-4e44-96fd-95135d9fbc6b",
      "requirementName": "General provisions",
      "sectionLabel": "Article 1"
    }
  ],
  "description": "API test",
  "name": "demo",
  "policyType": "config",
  "rule": {
    "criteria": "b1234567-84fc-4443-8cbc-f08f13fba586",
    "name": "demo",
    "parameters": {
      "savedSearch": "true"
    },
    "type": "Config"
  },
  "severity": "medium"
}
The JSON below is an example of the request body parameters you need to add a custom build policy:
{
  "cloudType": "aws",
  "complianceMetadata": [],
  "description": "",
  "labels": [],
  "name": "demo",
  "policySubTypes": [
    "build"
  ],
  "policyType": "config",
  "recommendation": "",
  "rule": {
    "children": [
      {
        "criteria": "{\"category\":\"Storage\",\"resourceTypes\":[\"aws_s3_bucket\"],\"conditionQuery\":{\"attribute\":\"acl\",\"operator\":\"not_equals\",\"value\":\"log-delivery-write\",\"cond_type\":\"attribute\"}}",
        "type": "build",
        "recommendation": ""
      }
    ],
    "name": "demo",
    "parameters": {
      "savedSearch": "false",
      "withIac": "true"
    },
    "type": "Config"
  },
  "severity": "low"
}
The JSON below is an example of the minimal request body parameters you need to add a Code Security build config policy:
{
  "cloudType": "aws/gcp/azure",
  "complianceMetadata": [],
  "description": "Code Security build policy",
  "labels": [],
  "name": "demo",
  "policySubTypes": ["build"],
  "policyType": "config",
  "recommendation": "",
  "rule": {
    "children": [
      {
        "metadata": {
          "code": "yaml string"
        },
        "type": "build",
        "recommendation": ""
      }
    ],
    "name": "demo",
    "parameters": {
      "savedSearch": "false",
      "withIac": "true"
    },
    "type": "Config"
  },
  "severity": "low",
  "enabled": bool
}
The JSON below is an example of the minimal request body parameters you need to add a Code Security run config policy:
{
  "cloudType": "azure",
  "complianceMetadata": [],
  "description": "Code Security run policy",
  "labels": [],
  "name": "demo",
  "policySubTypes": ["run"],
  "policyType": "config",
  "recommendation": "",
  "rule": {
    "children": [
      {
        "metadata": {
          "code": "yaml string"
        },
        "type": "build",
        "recommendation": ""
      }
    ],
    "name": "demo",
    "parameters": {
      "savedSearch": "true",
      "withIac": "true"
    },
    "type": "Config"
  },
  "severity": "medium",
  "enabled": bool
}
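The request bodies above follow a small number of rules: a saved-search policy carries the saved search ID in rule.criteria with savedSearch=true, rule.type must match the policyType, config policies must name a cloudType, a custom build policy carries its criteria inline in rule.children with savedSearch=false, and enabled defaults to true when omitted. The Python below is an added example, not the API's own client library, that assembles bodies for these cases and pre-checks those invariants before anything is sent, so a malformed request is caught locally instead of coming back as one of the 400 error codes listed under Responses. The base URL and the authentication header passed to submit_policy() are assumptions the caller supplies; the field names and values come from the examples on this page.

```python
"""Assemble and pre-check request bodies for POST /policy (added example)."""
import json
import urllib.request

# rule.type expected for each policyType, as shown in the request examples above
RULE_TYPE_FOR_POLICY = {
    "config": "Config",
    "network": "Network",
    "audit_event": "AuditEvent",
    "IAM": "IAM",
}

REQUIRED_TOP_LEVEL = ("name", "policyType", "severity", "rule")


def build_saved_search_policy(name, policy_type, saved_search_id, severity,
                              cloud_type=None, rule_name=None,
                              compliance_metadata=None, enabled=None):
    """Minimal body for a policy whose constraints live in a saved search.

    cloudType is mandatory for config policies; other types default to ALL on
    the server, so it is only sent when given. 'enabled' is left out unless set,
    so the server default (enabled=true) applies.
    """
    if policy_type not in RULE_TYPE_FOR_POLICY:
        raise ValueError(f"unsupported policyType: {policy_type!r}")
    if policy_type == "config" and not cloud_type:
        raise ValueError("config policies require cloudType")
    body = {
        "name": name,
        "policyType": policy_type,
        "severity": severity,
        "rule": {
            "name": rule_name or name,
            "criteria": saved_search_id,
            "parameters": {"savedSearch": "true"},
            "type": RULE_TYPE_FOR_POLICY[policy_type],
        },
    }
    if cloud_type:
        body["cloudType"] = cloud_type
    if compliance_metadata:
        body["complianceMetadata"] = compliance_metadata
    if enabled is not None:
        body["enabled"] = enabled
    return body


def build_custom_build_policy(name, cloud_type, criteria, severity,
                              description="", recommendation=""):
    """Custom build policy: the criteria dict travels inline as a JSON-encoded
    string inside rule.children, with savedSearch=false and withIac=true."""
    return {
        "cloudType": cloud_type,
        "complianceMetadata": [],
        "description": description,
        "labels": [],
        "name": name,
        "policySubTypes": ["build"],
        "policyType": "config",
        "recommendation": recommendation,
        "rule": {
            "children": [{"criteria": json.dumps(criteria), "type": "build",
                          "recommendation": recommendation}],
            "name": name,
            "parameters": {"savedSearch": "false", "withIac": "true"},
            "type": "Config",
        },
        "severity": severity,
    }


def validate_policy_body(body):
    """Return a list of problems the server would reject; empty means OK."""
    problems = []
    for key in REQUIRED_TOP_LEVEL:
        if key not in body:
            problems.append(f"missing required parameter: {key}")
    policy_type = body.get("policyType")
    if policy_type == "config" and "cloudType" not in body:
        problems.append("config policies require cloudType")
    rule = body.get("rule") or {}
    expected = RULE_TYPE_FOR_POLICY.get(policy_type)
    if expected and rule.get("type") != expected:
        problems.append(f"rule.type should be {expected!r} for policyType {policy_type!r}")
    params = rule.get("parameters") or {}
    if params.get("savedSearch") == "true" and not rule.get("criteria"):
        problems.append("savedSearch=true needs rule.criteria (a saved search ID)")
    if params.get("savedSearch") == "false" and not rule.get("children"):
        problems.append("savedSearch=false needs inline criteria in rule.children")
    if "enabled" in body and not isinstance(body["enabled"], bool):
        problems.append("enabled must be a JSON boolean, not a string")
    return problems


def submit_policy(base_url, headers, body):
    """POST the body to <base_url>/policy, refusing bodies that fail validation.
    base_url and the auth header inside 'headers' are caller-supplied assumptions."""
    problems = validate_policy_body(body)
    if problems:
        raise ValueError("; ".join(problems))
    req = urllib.request.Request(
        base_url.rstrip("/") + "/policy",
        data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json", **headers},
        method="POST",
    )
    with urllib.request.urlopen(req) as resp:
        return resp.status, json.loads(resp.read() or b"null")


if __name__ == "__main__":
    # constructed sample; the saved search ID is a placeholder, not a real one
    demo = build_saved_search_policy("Config test policy", "config",
                                     "00000000-0000-0000-0000-000000000000",
                                     "low", cloud_type="aws", rule_name="test rule")
    print(json.dumps(demo, indent=2), validate_policy_body(demo))
```

validate_policy_body() mirrors the conditions that produce missing_required_parameter, invalid_parameter_value and invalid_search_cloud_type_for_policy responses; running it before submit_policy() keeps rejected requests (and the audit noise they generate) out of the tenant's API log.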
Responses
- 200: successful operation
- 400: missing_required_parameter / invalid_parameter_value / bad_request / duplicate_name / invalid_search_cloud_type_for_policy / create_update_disallowed_for_json_schema_type_policy / invalid_rule / remediation_allowed_only_for_config_policies / policy_remediation_disallowed_for_non_sys_admins / unauthorized_access / unable_to_determine_sub_types