
Update Alert Rule

PUT /alert/rule/:id

Updates information about the alert rule that has the specified ID.

Request

Path Parameters

    id string required

    Alert rule ID (also known as the "policyScanConfigId")

Body

required

Model for Policy Scan Config

    alertRuleNotificationConfig object[]

    List of data for notifications to third-party tools

  • Array [
  • daysOfWeek object[]

    Days of week

  • Array [
  • day string

    Possible values: [SU, MO, TU, WE, TH, FR, SA]

    offset int32
  • ]
  • detailedReport boolean

    Provide CSV detailed report

    enabled boolean

    Scan enabled

    frequency string

    Possible values: [as_it_happens, daily, weekly, monthly]

    id string

    Alert rule notification config ID

    includeRemediation boolean

    Include remediation in detailed report

    lastUpdated int64

    Last Updated

    last_sent_ts int64

    Time of last notification in milliseconds

    recipients string[]
    • For email notifications: List of unique email addresses to notify
    • For integrations without notification templates: List of integration ids
    • For integrations with notification templates: List of notification template ids
    rruleSchedule string
    templateId string

    Template ID

    type string

    Possible values: [email, slack, splunk, amazon_sqs, jira, microsoft_teams, webhook, aws_security_hub, google_cscc, service_now, pager_duty, azure_service_bus_queue, demisto, aws_s3, snowflake]

    Integration type

    withCompression boolean

    Compress detailed report

  • ]
  • allowAutoRemediate boolean

    Allow Auto-Remediation

    delayNotificationMs int64

    Delay notifications by the specified milliseconds

    description string

    Rule/Scan description

    enabled boolean

    Rule/Scan is enabled

    name string required

    Rule/Scan name

    notifyOnDismissed boolean

    Include dismissed alerts in notification

    notifyOnOpen boolean

    Include open alerts in notification

    notifyOnResolved boolean

    Include resolved alerts in notification

    notifyOnSnoozed boolean

    Include snoozed alerts in notification

    policies string[]

    List of specific policies to scan

    policyLabels string[]

    Policy labels

    policyScanConfigId string

    Policy Scan Config ID

    scanAll boolean

    Scan all policies

    target object required

    Model for Target Filter

    accountGroups string[]

    List of Account group(s)

    alertRulePolicyFilter object

    Model for Alert Rule Policy Filter

    availablePolicyFilters string[]

    List of available Alert Rule Policy Filters

    cloud.type string[]

    Possible values: [ALL, AWS, AZURE, GCP, ALIBABA_CLOUD, OCI, IBM]

    Cloud Type Filter

    policy.complianceStandard string[]

    Compliance Standard Filter

    policy.label string[]

    Policy Label Filter

    policy.severity string[]

    Policy Severity Filter

    excludedAccounts string[]

    List of excluded accounts

    includedResourceLists object

    Model that holds the lists of resource list IDs, grouped by resource list type

    computeAccessGroupIds string[]
    regions string[]

    List of regions for which alerts will be triggered for account groups. Alerts not associated with specific regions will be triggered regardless of listed regions. If no regions are specified, then the alerts will be triggered for all regions.

    tags object[]

    List of TargetTag models (resource tags) for which alerts should be triggered

  • Array [
  • key string

    Resource tag target

    values string[]

    List of value(s) for resource tag key

  • ]
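
An offline pre-flight check for the request body described above, written for this page as an added example (not vendor code). The allowed values and required fields are copied from the schema here; the nesting of cloud.type under target.alertRulePolicyFilter, the function name and the sample body are assumptions.

```python
# Added example: offline pre-flight check for a PUT /alert/rule/:id body (values from this page).
FREQUENCIES = {"as_it_happens", "daily", "weekly", "monthly"}
DAYS = {"SU", "MO", "TU", "WE", "TH", "FR", "SA"}
CLOUD_TYPES = {"ALL", "AWS", "AZURE", "GCP", "ALIBABA_CLOUD", "OCI", "IBM"}
TYPES = {"email", "slack", "splunk", "amazon_sqs", "jira", "microsoft_teams",
         "webhook", "aws_security_hub", "google_cscc", "service_now", "pager_duty",
         "azure_service_bus_queue", "demisto", "aws_s3", "snowflake"}


def validate_alert_rule(body):
    """Return a list of schema problems; an empty list means every check passed."""
    errors = []
    if not isinstance(body.get("name"), str):
        errors.append("name: required string is missing")
    target = body.get("target")
    if not isinstance(target, dict):
        errors.append("target: required object is missing")
        target = {}
    for i, cfg in enumerate(body.get("alertRuleNotificationConfig", [])):
        where = f"alertRuleNotificationConfig[{i}]"
        for field, allowed in (("type", TYPES), ("frequency", FREQUENCIES)):
            if field in cfg and cfg[field] not in allowed:
                errors.append(f"{where}.{field}: {cfg[field]!r} is not an allowed value")
        for entry in cfg.get("daysOfWeek", []):
            if "day" in entry and entry["day"] not in DAYS:
                errors.append(f"{where}.daysOfWeek.day: {entry['day']!r} is not an allowed value")
        recipients = cfg.get("recipients", [])
        # The page asks for unique addresses when the notification type is email.
        if cfg.get("type") == "email" and len(set(recipients)) != len(recipients):
            errors.append(f"{where}.recipients: duplicate email address")
    # Assumption: cloud.type sits inside target.alertRulePolicyFilter.
    policy_filter = target.get("alertRulePolicyFilter") or {}
    for cloud in policy_filter.get("cloud.type", []):
        if cloud not in CLOUD_TYPES:
            errors.append(f"target.alertRulePolicyFilter.cloud.type: {cloud!r} is not an allowed value")
    return errors


# Constructed sample body; names, IDs and addresses are placeholders.
SAMPLE_BODY = {
    "name": "prod-critical-findings",
    "target": {"accountGroups": ["account-group-id-placeholder"],
               "alertRulePolicyFilter": {"cloud.type": ["AWS", "AZURE"]}},
    "alertRuleNotificationConfig": [
        {"type": "email", "frequency": "weekly", "enabled": True,
         "daysOfWeek": [{"day": "MO", "offset": 0}],
         "recipients": ["soc@example.com"]}],
}
```

Running the check before sending the PUT catches a misspelled enumeration value or a missing required field before the change reaches the alert rule.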

Responses

successful operation

Schema
    alertRuleNotificationConfig object[]

    List of data for notifications to third-party tools

  • Array [
  • dayOfMonth int32

    Day of month

    daysOfWeek object[]

    Days of week

  • Array [
  • day string

    Possible values: [SU, MO, TU, WE, TH, FR, SA]

    offset int32
  • ]
  • detailedReport boolean

    Provide CSV detailed report

    enabled boolean

    Scan enabled

    frequency string

    Possible values: [as_it_happens, daily, weekly, monthly]

    frequencyFromRRule string

    Frequency from RRule

    hourOfDay int32

    Hour of day

    id string

    Alert rule notification config ID

    includeRemediation boolean

    Include remediation in detailed report

    lastUpdated int64

    Last Updated

    last_sent_ts int64

    Time of last notification in milliseconds

    recipients string[]
    • For email notifications: List of unique email addresses to notify
    • For integrations without notification templates: List of integration ids
    • For integrations with notification templates: List of notification template ids
    rruleSchedule string
    templateId string

    Template ID

    timezone string

    Java time zone ID (e.g. America/Los_Angeles)

    type string

    Possible values: [email, slack, splunk, amazon_sqs, jira, microsoft_teams, webhook, aws_security_hub, google_cscc, service_now, pager_duty, azure_service_bus_queue, demisto, aws_s3, snowflake]

    Integration type

    withCompression boolean

    Compress detailed report

  • ]
  • allowAutoRemediate boolean

    Allow Auto-Remediation

    delayNotificationMs int64

    Delay notifications by the specified milliseconds

    description string

    Rule/Scan description

    enabled boolean

    Rule/Scan is enabled

    lastModifiedBy string

    Last modified by

    lastModifiedOn int64

    Last modified on this date/time in milliseconds

    name string required

    Rule/Scan name

    notifyOnDismissed boolean

    Include dismissed alerts in notification

    notifyOnOpen boolean

    Include open alerts in notification

    notifyOnResolved boolean

    Include resolved alerts in notification

    notifyOnSnoozed boolean

    Include snoozed alerts in notification

    policies string[]

    List of specific policies to scan

    policyLabels string[]

    Policy labels

    policyScanConfigId string

    Policy Scan Config ID

    scanAll boolean

    Scan all policies

    target object required

    Model for Target Filter

    accountGroups string[]

    List of Account group(s)

    alertRulePolicyFilter object

    Model for Alert Rule Policy Filter

    availablePolicyFilters string[]

    List of available Alert Rule Policy Filters

    cloud.type string[]

    Possible values: [ALL, AWS, AZURE, GCP, ALIBABA_CLOUD, OCI, IBM]

    Cloud Type Filter

    policy.complianceStandard string[]

    Compliance Standard Filter

    policy.label string[]

    Policy Label Filter

    policy.severity string[]

    Policy Severity Filter

    excludedAccounts string[]

    List of excluded accounts

    includedResourceLists object

    Model that holds the lists of resource list IDs, grouped by resource list type

    computeAccessGroupIds string[]
    regions string[]

    List of regions for which alerts will be triggered for account groups. Alerts not associated with specific regions will be triggered regardless of listed regions. If no regions are specified, then the alerts will be triggered for all regions.

    tags object[]

    List of TargetTag models (resource tags) for which alerts should be triggered

  • Array [
  • key string

    Resource tag target

    values string[]

    List of value(s) for resource tag key

  • ]