
Add Policy

POST /policy

Adds a new policy.

The request to add a custom policy uses request body parameters that describe the following:

  • General policy information, such as name, labels, and severity
  • Whether or not the policy is enabled. If you don't specify a value for enabled when you add a policy, the default is enabled=true
  • A rule, which identifies a saved search that defines the policy constraints (i.e., an RQL query)
  • Optional compliance standards
  • Optional remediation details

The following are some examples of request body parameters for a request to add a policy. A new custom policy requires a saved search. Specify the saved search ID as the rule.criteria request parameter. You can request a list of existing saved searches through the View Search History endpoint.

Note that the request parameters to add a custom config policy require a cloudType. Requests for other policy types default to a cloudType of ALL.

The JSON below is an example of the minimal request body parameters you need to add a config policy:

{
"cloudType": "aws",
"name": "Config test policy",
"policyType": "config",
"rule": {
"criteria": "e1234567-2798-4d1d-a1b0-52d60d49730b",
"name": "test rule",
"parameters": {
"savedSearch": "true"
},
"type": "Config"
},
"severity": "low"
}

The JSON below is an example of the minimal request body parameters you need to add a network policy:

{
"name": "test-network-policy",
"policyType": "network",
"severity": "medium",
"rule": {
"name": "test-network-rule",
"criteria": "c1234567-3a02-4392-a228-327d0db3324d",
"parameters": {
"savedSearch": "true"
},
"type": "Network"
}
}

The JSON below is an example of the minimal request body parameters you need to add an audit event policy:

{
"name":"test-event-policy",
"policyType":"audit_event",
"rule":
{"criteria":"91234567-087a-4318-a9b3-efe6041b87b1",
"name":"test-rule1",
"parameters":{
"savedSearch":"true"
},
"type":"AuditEvent"
},
"severity":"low"
}

The JSON below is an example of the minimal request body parameters you need to add an IAM policy:

{
"cloudType": "ALL",
"name": "test-iam-policy",
"policyType": "IAM",
"rule": {
"criteria": "71234567-7251-4d3b-9be1-cced127fd09d",
"name": "test-iam",
"parameters": {
"savedSearch": "true"
},
"type": "IAM"
},
"severity": "medium"
}

The JSON below is an example of the minimal request body parameters you need to add a config policy that includes a compliance standard:

{
"cloudType": "aws",
"complianceMetadata": [
{
"standardName": "GDPR",
"requirementId": "Chapter 1",
"sectionId": "Article 1",
"customAssigned": true,
"complianceId": "91234567-7ddf-4e44-96fd-95135d9fbc6b",
"requirementName": "General provisions",
"sectionLabel": "Article 1"
}
],
"description": "API test",
"name": "demo",
"policyType": "config",
"rule": {
"criteria": "b1234567-84fc-4443-8cbc-f08f13fba586",
"name": "demo",
"parameters": {
"savedSearch": "true"
},
"type": "Config"
},
"severity": "medium"
}

The JSON below is an example of the request body parameters you need to add a custom build policy. The criteria value of the child rule is itself a JSON document, passed as an escaped string:

{
"cloudType": "aws",
"complianceMetadata": [],
"description": "",
"labels": [],
"name": "demo",
"policySubTypes": [
"build"
],
"policyType": "config",
"recommendation": "",
"rule": {
"children": [
{
"criteria": "{\"category\":\"Storage\",\"resourceTypes\":[\"aws_s3_bucket\"],\"conditionQuery\":{\"attribute\":\"acl\",\"operator\":\"not_equals\",\"value\":\"log-delivery-write\",\"cond_type\":\"attribute\"}}",
"type": "build",
"recommendation": ""
}
],
"name": "demo",
"parameters": {
"savedSearch": "false",
"withIac": "true"
},
"type": "Config"
},
"severity": "low"
}

The JSON below is an example of the minimal request body parameters you need to add a Code Security build config policy. Set cloudType to aws, gcp, or azure, put the policy's YAML definition in the code field as a string, and set enabled to true or false:

{
"cloudType": "aws",
"complianceMetadata": [],
"description": "Code Security build policy",
"labels": [],
"name": "demo",
"policySubTypes": ["build"],
"policyType": "config",
"recommendation": "",
"rule": {
"children": [
{
"metadata": {
"code": "yaml string"
},
"type": "build",
"recommendation": ""
}
],
"name": "demo",
"parameters": {
"savedSearch": "false",
"withIac": "true"
},
"type": "Config"
},
"severity": "low",
"enabled": true
}

The JSON below is an example of the minimal request body parameters you need to add a Code Security run config policy. As for the build policy, the code field carries the YAML definition as a string and enabled is true or false:

{
"cloudType": "azure",
"complianceMetadata": [],
"description": "Code Security run policy",
"labels": [],
"name": "demo",
"policySubTypes": ["run"],
"policyType": "config",
"recommendation": "",
"rule": {
"children": [
{
"metadata": {
"code": "yaml string"
},
"type": "build",
"recommendation": ""
}
],
"name": "demo",
"parameters": {
"savedSearch": "true",
"withIac": "true"
},
"type": "Config"
},
"severity": "medium",
"enabled": true
}
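The examples above differ only in a few fields, and the constraints the page states (cloudType mandatory for config policies, the rule.type that pairs with each policyType, a saved search UUID in rule.criteria, the serialized child criteria for build policies) are easy to get wrong by hand. The script below is an added example, not Prisma Cloud's own client code: it builds and validates request bodies for the saved-search policy types and for an IaC build policy, then posts them. The x-redlock-auth header it uses for the JWT in post_policy() is an assumption that this page does not state; the UUIDs and the S3 ACL criteria in the usage section are constructed inputs copied from the examples above.

```python
"""Compose and validate Add Policy (POST /policy) request bodies.

Added example, not Prisma Cloud client code. The x-redlock-auth header
used in post_policy() is an assumption not stated on this page.
"""
import json
import re
import urllib.request
from typing import Any, Dict, List, Optional

# Enumerations documented for the request body.
CLOUD_TYPES = {"ALL", "AWS", "AZURE", "GCP", "ALIBABA_CLOUD", "OCI", "IBM"}
SEVERITIES = {"high", "medium", "low"}
# policyType -> rule.type, as paired in the page's examples.
RULE_TYPE_FOR = {"config": "Config", "network": "Network",
                 "audit_event": "AuditEvent", "iam": "IAM"}
UUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)


def saved_search_policy(name: str, policy_type: str, saved_search_id: str,
                        severity: str, cloud_type: Optional[str] = None,
                        rule_name: Optional[str] = None, enabled: bool = True,
                        compliance: Optional[List[Dict[str, Any]]] = None,
                        **extra: Any) -> Dict[str, Any]:
    """Body for a custom policy whose rule is a saved search (RQL query)."""
    key = policy_type.lower()
    if key not in RULE_TYPE_FOR:
        raise ValueError(f"no saved-search rule type for policyType {policy_type}")
    if severity not in SEVERITIES:
        raise ValueError(f"severity must be one of {sorted(SEVERITIES)}")
    if not UUID_RE.match(saved_search_id):
        raise ValueError("rule.criteria must be a saved search ID (UUID)")
    # Config policies require cloudType; other types default to ALL server-side.
    if key == "config" and cloud_type is None:
        raise ValueError("config policies require cloudType")
    if cloud_type is not None and cloud_type.upper() not in CLOUD_TYPES:
        raise ValueError(f"cloudType must be one of {sorted(CLOUD_TYPES)}")
    body: Dict[str, Any] = {
        "name": name,
        "policyType": policy_type,
        "severity": severity,
        # The server defaults enabled to true; set it explicitly so a policy
        # meant for a staged rollout is not created already alerting.
        "enabled": enabled,
        "rule": {
            "name": rule_name or name,
            "criteria": saved_search_id,
            "parameters": {"savedSearch": "true"},
            "type": RULE_TYPE_FOR[key],
        },
    }
    if cloud_type is not None:
        body["cloudType"] = cloud_type
    if compliance:
        for item in compliance:
            if "complianceId" not in item:
                raise ValueError("each complianceMetadata item needs a complianceId")
        body["complianceMetadata"] = compliance
    body.update(extra)  # e.g. description="...", labels=[...], recommendation="..."
    return body


def iac_build_policy(name: str, cloud_type: str, severity: str,
                     criteria: Dict[str, Any], recommendation: str = "",
                     description: str = "") -> Dict[str, Any]:
    """Body for a custom build (IaC) config policy; the child criteria is a
    JSON document serialized into a string, as in the page's example."""
    if cloud_type.upper() not in CLOUD_TYPES or severity not in SEVERITIES:
        raise ValueError("invalid cloudType or severity")
    return {
        "cloudType": cloud_type, "complianceMetadata": [],
        "description": description, "labels": [], "name": name,
        "policySubTypes": ["build"], "policyType": "config",
        "recommendation": recommendation,
        "rule": {
            "children": [{
                # Compact separators reproduce the page's escaped criteria string.
                "criteria": json.dumps(criteria, separators=(",", ":")),
                "type": "build", "recommendation": recommendation,
            }],
            "name": name,
            "parameters": {"savedSearch": "false", "withIac": "true"},
            "type": "Config",
        },
        "severity": severity,
    }


def post_policy(base_url: str, token: str, body: Dict[str, Any],
                timeout: float = 30.0) -> Dict[str, Any]:
    """POST the body to /policy and return the created policy (response model)."""
    req = urllib.request.Request(
        base_url.rstrip("/") + "/policy", method="POST",
        data=json.dumps(body).encode("utf-8"),
        headers={"Content-Type": "application/json", "Accept": "application/json",
                 "x-redlock-auth": token},  # assumed auth header carrying the JWT
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Constructed inputs mirroring the page's examples; nothing is sent.
    cfg = saved_search_policy("Config test policy", "config",
                              "e1234567-2798-4d1d-a1b0-52d60d49730b", "low",
                              cloud_type="aws", rule_name="test rule")
    s3 = iac_build_policy("demo", "aws", "low", {
        "category": "Storage", "resourceTypes": ["aws_s3_bucket"],
        "conditionQuery": {"attribute": "acl", "operator": "not_equals",
                           "value": "log-delivery-write", "cond_type": "attribute"}})
    print(json.dumps(cfg, indent=2))
    print(s3["rule"]["children"][0]["criteria"])
```

To actually create the policy, pass the body to post_policy() together with the API base URL and a session token; the returned object is the response model documented below, so policyId and systemDefault can be read from it directly. Validation happens before the request is built, so a missing cloudType on a config policy or a criteria value that is not a saved search ID fails locally rather than as a server-side error.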

Request

Body (required): Model for Policy

    cloudType (string)
        Possible values: [ALL, AWS, AZURE, GCP, ALIBABA_CLOUD, OCI, IBM]
        Cloud type. Required for config policies. Not case-sensitive. Default is ALL.

    complianceMetadata (object[])
        List of compliance data. Each item has compliance standard, requirement, and/or section information.
        complianceId (string): Compliance section UUID
        customAssigned (boolean)
        policyId (string): Policy ID
        requirementDescription (string): Requirement description
        requirementId (string): Requirement ID
        requirementName (string): Requirement name
        sectionDescription (string): Section description
        sectionId (string): Section ID
        sectionLabel (string): Section label
        standardDescription (string): Compliance standard description
        standardId (string)
        standardName (string): Compliance standard name

    description (string): Policy description

    enabled (boolean): true=enabled. false=disabled. Defaults to true if omitted.

    findingTypes (string[]): Finding type

    labels (string[]): Labels

    name (string, required): Policy name

    policyType (string, required)
        Possible values: [config, network, audit_event, anomaly, data, iam, workload_vulnerability, workload_incident, api, attack_path, malware, grayware]
        Policy type. Policy type anomaly is read-only.

    recommendation (string): Remediation recommendation

    remediation (object): Model for Remediation
        actions (object[]): Policy action
            operation (string)
            payload (string)
        cliScriptTemplate (string): CLI script template
        description (string): Description

    rule (object, required): Model for Rule
        criteria (string, required): Saved search ID that defines the rule criteria.
        dataCriteria (object): Criteria for rule
            classificationResult (string): Data policy. Required for DLP rule criteria.
            exposure (string): File exposure. Possible values: [private, public, conditional]
            extension (string[]): File extensions
        name (string, required): Name
        parameters (object, required): Parameters (e.g. {"savedSearch": "true"}). Keys are free-form property names with string values.
        type (string, required)
            Possible values: [Config, Network, AuditEvent, DLP, IAM, NetworkConfig]
            Type of rule or RQL query

    severity (string, required)
        Possible values: [high, medium, low]
        Severity

Responses

successful operation

Schema (the created policy)

    cloudType (string)
        Possible values: [ALL, AWS, AZURE, GCP, ALIBABA_CLOUD, OCI, IBM]
        Cloud type. Required for config policies. Not case-sensitive. Default is ALL.

    complianceMetadata (object[])
        List of compliance data. Each item has compliance standard, requirement, and/or section information.
        complianceId (string): Compliance section UUID
        customAssigned (boolean)
        policyId (string): Policy ID
        requirementDescription (string): Requirement description
        requirementId (string): Requirement ID
        requirementName (string): Requirement name
        sectionDescription (string): Section description
        sectionId (string): Section ID
        sectionLabel (string): Section label
        standardDescription (string): Compliance standard description
        standardId (string)
        standardName (string): Compliance standard name

    createdBy (string): Created by

    createdOn (int64): Created on this timestamp

    deleted (boolean): Deleted

    description (string): Policy description

    enabled (boolean): true=enabled. false=disabled.

    findingTypes (string[]): Finding type

    labels (string[]): Labels

    lastModifiedBy (string): Last modified by

    lastModifiedOn (int64): Last modified on this timestamp

    name (string, required): Policy name

    overridden (boolean): Overridden

    policyId (string): Policy ID

    policySubTypes (string[])
        Possible values: [run, build, run_and_build, audit, data_classification, dns, malware, network_event, network, ueba, permissions, network_config, identity, sensitive_data_exposure, internet_exposure, injections, vulnerability_scanning, shellshock, known_bots, unknown_bots, virtual_patches, event, misconfig_and_event, misconfig, host, container_image]
        Policy subtype

    policyType (string, required)
        Possible values: [config, network, audit_event, anomaly, data, iam, workload_vulnerability, workload_incident, api, attack_path, malware, grayware]
        Policy type. Policy type anomaly is read-only.

    policyUpi (string): Policy UPI

    recommendation (string): Remediation recommendation

    remediable (boolean): Whether the policy is remediable

    remediation (object): Model for Remediation
        actions (object[]): Policy action
            operation (string)
            payload (string)
        cliScriptTemplate (string): CLI script template
        description (string): Description

    restrictAlertDismissal (boolean): Restrict alert dismissal

    rule (object, required): Model for Rule
        apiName (string): API name
        cloudAccount (string): Cloud account
        cloudType (string): Cloud type
        criteria (string, required): Saved search ID that defines the rule criteria.
        dataCriteria (object): Criteria for rule
            classificationResult (string): Data policy. Required for DLP rule criteria.
            exposure (string): File exposure. Possible values: [private, public, conditional]
            extension (string[]): File extensions
        name (string, required): Name
        parameters (object, required): Parameters (e.g. {"savedSearch": "true"}). Keys are free-form property names with string values.
        resourceIdPath (string): Resource ID path
        resourceType (string): Resource type
        type (string, required)
            Possible values: [Config, Network, AuditEvent, DLP, IAM, NetworkConfig]
            Type of rule or RQL query

    ruleLastModifiedOn (int64): Rule last modified on

    severity (string, required)
        Possible values: [high, medium, low]
        Severity

    systemDefault (boolean): true = Policy is a Prisma Cloud system default policy
