Pre-validate Policy Rule

POST 
/policy/rule/validate

Pre-validates a policy rule without creating an actual policy.

The only request body parameters for this request are:

• policyType - Only the following are valid values for policyType:

  • "config"
  • "network"
  • "audit_event"
  • "iam"

• rule - The rule.criteria value is the RQL search query for the rule you want to validate. Validation of this rule implies validation of a policy you might create with this rule.

Only the parameters above apply to this request, and both of these parameters are required.

The JSON below is an example of valid request body parameters:

\{
    "policyType": "config",
    "rule": \{
        "criteria": "config from cloud.resource where cloud.type = '\''azure'\'' AND api.name = '\''azure-security-center-settings'\'' AND json.rule = '\''autoProvisioningSettings[*].name equals default and (autoProvisioningSettings[*].properties.autoProvision equals Off or autoProvisioningSettings[*] does not exist)'\''"
    \}
\}

Request

Responses

200

successful operation

400

missing_required_parameter / saved_search_validation_not_supported / preprocessor_not_allowed_for_policy / invalid_search_type_for_policy / invalid_search_type_for_policy / insufficient_query_for_policy_creation /invalid_hostfinding_type_redlock_in_search_query / invalid_search_cloud_type_for_policy / invalid_azure_resource_group_in_search_query / json_not_supported_in_event_query / anomaly_search_not_supported_in_event_query / rql_validation_service_unavailable / invalid_json_rule