Add Policy
POST /policy
Adds a new policy.
The request to add a custom policy uses request body parameters that describe the following:
- General policy information, such as name, labels, and severity
- Whether or not the policy is enabled. If you don't specify a value for enabled when you add a policy, the default is enabled=true.
- A rule, which identifies a saved search that defines the policy constraints (i.e., an RQL query)
- Optional compliance standards
- Optional remediation details
The following are some examples of request body parameters for a request to add a policy. A new custom policy requires a saved search. Specify a saved search ID for the criteria request parameter. You can request a list of existing saved searches through the endpoint to View Search History.
Note that the request parameters to add a custom config policy require a cloudType. The requests for other policy types default to a cloudType of ALL.
The JSON below is an example of the minimal request body parameters you need to add a config policy:
{
"cloudType": "aws",
"name": "Config test policy",
"policyType": "config",
"rule": {
"criteria": "e1234567-2798-4d1d-a1b0-52d60d49730b",
"name": "test rule",
"parameters": {
"savedSearch": "true"
},
"type": "Config"
},
"severity": "low"
}
The JSON below is an example of the minimal request body parameters you need to add a network policy:
{
"name": "test-network-policy",
"policyType": "network",
"severity": "medium",
"rule": {
"name": "test-network-rule",
"criteria": "c1234567-3a02-4392-a228-327d0db3324d",
"parameters": {
"savedSearch": "true"
},
"type": "Network"
}
}
The JSON below is an example of the minimal request body parameters you need to add an audit event policy:
{
"name":"test-event-policy",
"policyType":"audit_event",
"rule": {
"criteria": "91234567-087a-4318-a9b3-efe6041b87b1",
"name": "test-rule1",
"parameters": {
"savedSearch": "true"
},
"type": "AuditEvent"
},
"severity": "low"
}
The JSON below is an example of the minimal request body parameters you need to add an IAM policy:
{
"cloudType": "ALL",
"name": "test-iam-policy",
"policyType": "IAM",
"rule": {
"criteria": "71234567-7251-4d3b-9be1-cced127fd09d",
"name": "test-iam",
"parameters": {
"savedSearch": "true"
},
"type": "IAM"
},
"severity": "medium"
}
The JSON below is an example of the minimal request body parameters you need to add a config policy that includes a compliance standard:
{
"cloudType": "aws",
"complianceMetadata": [
{
"standardName": "GDPR",
"requirementId": "Chapter 1",
"sectionId": "Article 1",
"customAssigned": true,
"complianceId": "91234567-7ddf-4e44-96fd-95135d9fbc6b",
"requirementName": "General provisions",
"sectionLabel": "Article 1"
}
],
"description": "API test",
"name": "demo",
"policyType": "config",
"rule": {
"criteria": "b1234567-84fc-4443-8cbc-f08f13fba586",
"name": "demo",
"parameters": {
"savedSearch": "true"
},
"type": "Config"
},
"severity": "medium"
}
The JSON below is an example of the request body parameters you need to add a custom build policy:
{
"cloudType": "aws",
"complianceMetadata": [],
"description": "",
"labels": [],
"name": "demo",
"policySubTypes": [
"build"
],
"policyType": "config",
"recommendation": "",
"rule": {
"children": [
{
"criteria": "{\"category\":\"Storage\",\"resourceTypes\":[\"aws_s3_bucket\"],\"conditionQuery\":{\"attribute\":\"acl\",\"operator\":\"not_equals\",\"value\":\"log-delivery-write\",\"cond_type\":\"attribute\"}}",
"type": "build",
"recommendation": ""
}
],
"name": "demo",
"parameters": {
"savedSearch": "false",
"withIac": "true"
},
"type": "Config"
},
"severity": "low"
}
The JSON below is an example of the minimal request body parameters you need to add a Code Security build config policy (cloudType is one of aws, gcp, or azure; aws is used here):
{
"cloudType": "aws",
"complianceMetadata": [],
"description": "Code Security build policy",
"labels": [],
"name": "demo",
"policySubTypes": ["build"],
"policyType": "config",
"recommendation": "",
"rule": {
"children": [
{
"metadata": {
"code": "yaml string"
},
"type": "build",
"recommendation": ""
}
],
"name": "demo",
"parameters": {
"savedSearch": "false",
"withIac": "true"
},
"type": "Config"
},
"severity": "low",
"enabled": true
}
The JSON below is an example of the minimal request body parameters you need to add a Code Security run config policy:
{
"cloudType": "azure",
"complianceMetadata": [],
"description": "Code Security run policy",
"labels": [],
"name": "demo",
"policySubTypes": ["run"],
"policyType": "config",
"recommendation": "",
"rule": {
"children": [
{
"metadata": {
"code": "yaml string"
},
"type": "build",
"recommendation": ""
}
],
"name": "demo",
"parameters": {
"savedSearch": "true",
"withIac": "true"
},
"type": "Config"
},
"severity": "medium",
"enabled": true
}
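The examples above all follow the same rules: a config policy needs a cloudType, the other policy types default to ALL, a saved-search rule carries the saved search's ID in criteria with savedSearch set to "true", a build policy carries its check inline under rule.children instead, and enabled defaults to true when omitted. The Python below is an added example, not Prisma Cloud's own client code: it builds these request bodies, checks them against those rules before sending (so the obvious 400s are caught offline), and posts them. The base URL, the x-redlock-auth header and the session token used by post_policy() are assumptions about the deployment, not facts taken from this page; the saved-search IDs used are constructed to match the shape of the page's examples.

```python
"""Build, validate and send POST /policy request bodies (added example, not vendor code)."""
import json
import urllib.request
import uuid

# rule.type that pairs with each policyType, as in the page's examples
RULE_TYPE_FOR = {"config": "Config", "network": "Network",
                 "audit_event": "AuditEvent", "IAM": "IAM"}
SEVERITIES = ("high", "medium", "low")
CLOUD_TYPES = ("ALL", "AWS", "AZURE", "GCP", "ALIBABA_CLOUD", "OCI", "IBM")


def validate_policy(body):
    """Return the problems the endpoint would reject with a 400; [] means the body is OK."""
    errors = []
    ptype = body.get("policyType")
    rule = body.get("rule") or {}
    params = rule.get("parameters") or {}
    if not body.get("name"):
        errors.append("name is required")
    if ptype not in RULE_TYPE_FOR:
        errors.append(f"unsupported policyType {ptype!r}")
    elif rule.get("type") != RULE_TYPE_FOR[ptype]:
        errors.append(f"rule.type must be {RULE_TYPE_FOR[ptype]!r} for policyType {ptype!r}")
    if body.get("severity") not in SEVERITIES:
        errors.append("severity must be one of high, medium, low")
    if ptype == "config" and "cloudType" not in body:
        errors.append("config policies require cloudType")
    cloud = body.get("cloudType")
    if cloud is not None and str(cloud).upper() not in CLOUD_TYPES:  # not case-sensitive
        errors.append(f"unknown cloudType {cloud!r}")
    if "enabled" in body and not isinstance(body["enabled"], bool):
        errors.append("enabled must be a JSON boolean, not a string")
    if "children" not in rule:  # saved-search rule: criteria is the saved search's UUID
        if params.get("savedSearch") != "true":
            errors.append('a rule without inline children must set parameters.savedSearch to "true"')
        else:
            try:
                uuid.UUID(str(rule.get("criteria")))
            except ValueError:
                errors.append("rule.criteria must be the ID of an existing saved search")
    return errors


def _checked(body):
    problems = validate_policy(body)
    if problems:
        raise ValueError("; ".join(problems))
    return body


def build_policy(name, policy_type, saved_search_id, severity,
                 cloud_type=None, enabled=None, compliance=None):
    """Body for a policy whose rule is a saved search (config, network, audit_event, IAM)."""
    body = {
        "name": name,
        "policyType": policy_type,
        "severity": severity,
        "rule": {"name": f"{name}-rule", "criteria": saved_search_id,
                 "parameters": {"savedSearch": "true"},
                 "type": RULE_TYPE_FOR.get(policy_type, "")},
    }
    if cloud_type is not None:      # optional for non-config types (server defaults to ALL)
        body["cloudType"] = cloud_type
    if enabled is not None:         # omitted -> server default enabled=true
        body["enabled"] = enabled
    if compliance:                  # list of complianceMetadata items, as in the page's example
        body["complianceMetadata"] = list(compliance)
    return _checked(body)


def build_iac_policy(name, cloud_type, severity, criteria):
    """Body for a custom build policy: the check sits inline in rule.children, no saved search.

    `criteria` is the attribute-check dict from the page's build example; it is
    JSON-encoded because the endpoint takes each child's criteria as a string.
    """
    body = {
        "cloudType": cloud_type, "name": name, "policyType": "config",
        "policySubTypes": ["build"], "severity": severity,
        "rule": {"name": f"{name}-rule",
                 "children": [{"criteria": json.dumps(criteria), "type": "build",
                               "recommendation": ""}],
                 "parameters": {"savedSearch": "false", "withIac": "true"},
                 "type": "Config"},
    }
    return _checked(body)


def post_policy(body, base_url, token):
    """POST the body and return the created policy object (assumes JSON on 200).

    Assumption: the API authenticates with an x-redlock-auth header carrying a
    session token; a 400 surfaces to the caller as urllib.error.HTTPError.
    """
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}/policy",
        data=json.dumps(_checked(body)).encode("utf-8"), method="POST",
        headers={"Content-Type": "application/json; charset=UTF-8",
                 "Accept": "application/json; charset=UTF-8",
                 "x-redlock-auth": token})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)
```

Usage: `build_policy("Config test policy", "config", "e1234567-2798-4d1d-a1b0-52d60d49730b", "low", cloud_type="aws")` reproduces the first example on this page; dropping cloud_type raises ValueError with "config policies require cloudType" before any request is made, which is the same condition the endpoint reports as a 400. validate_policy() also works on hand-written bodies, so it can be run over the JSON snippets above before they are sent.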
Request
Content type: application/json; charset=UTF-8
Body (required): Model for Policy
- cloudType: Cloud type (required for config policies). Not case-sensitive. Default is ALL. Possible values: ALL, AWS, AZURE, GCP, ALIBABA_CLOUD, OCI, IBM
- complianceMetadata (object[]): List of compliance data. Each item has compliance standard, requirement, and/or section information.
  - complianceId: Compliance Section UUID
  - policyId: Policy ID
  - requirementDescription: Requirement description
  - requirementId: Requirement ID
  - requirementName: Requirement name
  - sectionDescription: Section name
  - sectionId: Section Id
  - sectionLabel: Section Label
  - standardDescription: Compliance standard description
  - standardName: Compliance standard name
- description: Policy description
- enabled (boolean): true=enabled. false=disabled.
- findingTypes (string[]): Finding Type
- labels (string[]): Labels
- name: Policy name
- policyType: Policy type. Policy type anomaly is read-only.
- recommendation: Remediation recommendation
- remediation (object): Model for Remediation
  - actions (object[]): Policy Action (operation, payload)
  - cliScriptTemplate: CLI Script Template
  - description: Description
- rule (object, required): Model for Rule
  - criteria: Saved search ID that defines the rule criteria.
  - dataCriteria (object): Criteria for Rule
    - classificationResult: Data policy. Required for DLP rule criteria.
    - exposure: File exposure. Possible values: private, public, conditional
    - extension: File extensions
  - name: Name
  - parameters (object, required): Parameters (e.g. {"savedSearch": "true"})
  - type: Type of rule or RQL query. Possible values: Config, Network, AuditEvent, DLP, IAM, NetworkConfig
- severity: Severity. Possible values: high, medium, low
Responses
200: successful operation
Content type: application/json; charset=UTF-8
Schema (Model for Policy)
- cloudType: Cloud type (required for config policies). Not case-sensitive. Default is ALL. Possible values: ALL, AWS, AZURE, GCP, ALIBABA_CLOUD, OCI, IBM
- complianceMetadata (object[]): List of compliance data. Each item has compliance standard, requirement, and/or section information.
  - complianceId: Compliance Section UUID
  - policyId: Policy ID
  - requirementDescription: Requirement description
  - requirementId: Requirement ID
  - requirementName: Requirement name
  - sectionDescription: Section name
  - sectionId: Section Id
  - sectionLabel: Section Label
  - standardDescription: Compliance standard description
  - standardName: Compliance standard name
- createdBy: Created by
- createdOn: Created on this timestamp
- deleted (boolean): Deleted
- description: Policy description
- enabled (boolean): true=enabled. false=disabled.
- findingTypes (string[]): Finding Type
- labels (string[]): Labels
- lastModifiedBy: Last modified by
- lastModifiedOn: Last modified on this timestamp
- name: Policy name
- overridden (boolean): Overridden
- policyId: Policy ID
- policySubTypes: Policy subtype
- policyType: Policy type. Policy type anomaly is read-only.
- policyUpi: Policy UPI
- readOnly (boolean): Read Only
- recommendation: Remediation recommendation
- remediable (boolean): isRemediable
- remediation (object): Model for Remediation
  - actions (object[]): Policy Action (operation, payload)
  - cliScriptTemplate: CLI Script Template
  - description: Description
- restrictAlertDismissal (boolean): Restrict alert dismissal
- rule (object, required): Model for Rule
  - apiName: API name
  - cloudAccount: Cloud account
  - cloudType: Cloud type
  - criteria: Saved search ID that defines the rule criteria.
  - dataCriteria (object): Criteria for Rule
    - classificationResult: Data policy. Required for DLP rule criteria.
    - exposure: File exposure. Possible values: private, public, conditional
    - extension: File extensions
  - name: Name
  - parameters (object, required): Parameters (e.g. {"savedSearch": "true"})
  - resourceIdPath: Resource ID path
  - resourceType: Resource type
  - type: Type of rule or RQL query. Possible values: Config, Network, AuditEvent, DLP, IAM, NetworkConfig
- ruleLastModifiedOn: Rule last modified on
- severity: Severity. Possible values: high, medium, low
- systemDefault (boolean): true = Policy is a Prisma Cloud system default policy
Example (from schema)
{
"cloudType": "ALL",
"complianceMetadata": [
{
"complianceId": "string",
"customAssigned": true,
"policyId": "string",
"requirementDescription": "string",
"requirementId": "string",
"requirementName": "string",
"sectionDescription": "string",
"sectionId": "string",
"sectionLabel": "string",
"standardDescription": "string",
"standardId": "string",
"standardName": "string"
}
],
"createdBy": "string",
"createdOn": 0,
"deleted": true,
"description": "string",
"enabled": true,
"findingTypes": [
"string"
],
"labels": [
"string"
],
"lastModifiedBy": "string",
"lastModifiedOn": 0,
"name": "string",
"overridden": true,
"policyId": "string",
"policySubTypes": [
{}
],
"policyType": {},
"policyUpi": "string",
"readOnly": true,
"recommendation": "string",
"remediable": true,
"remediation": {
"actions": [
{
"operation": "string",
"payload": "string"
}
],
"cliScriptTemplate": "string",
"description": "string"
},
"restrictAlertDismissal": true,
"rule": {
"apiName": "string",
"cloudAccount": "string",
"cloudType": "string",
"criteria": "string",
"dataCriteria": {
"classificationResult": "string",
"exposure": "private",
"extension": [
"string"
]
},
"name": "string",
"parameters": {},
"resourceIdPath": "string",
"resourceType": "string",
"type": "Config"
},
"ruleLastModifiedOn": 0,
"severity": "high",
"systemDefault": true
}
400: the request was rejected; the error is one of the following codes:
- missing_required_parameter
- invalid_parameter_value
- bad_request
- duplicate_name
- invalid_search_cloud_type_for_policy
- create_update_disallowed_for_json_schema_type_policy
- invalid_rule
- remediation_allowed_only_for_config_policies
- policy_remediation_disallowed_for_non_sys_admins
- unauthorized_access
- unable_to_determine_sub_types