Update a Custom Rule
PUT /api/v33.01/custom-rules/:id
x-prisma-cloud-target-env: {"permission":"policyCustomRules"}
Creates or updates a custom rule.
To invoke this endpoint in the Console UI:
- Navigate to Defend > Custom rules.
- Click + Add rule, or click the dotted icon under the Actions column and choose the Manage cog icon to open the update window.
- Configure the custom rule's parameters.
- Click the Add or Update button to save the changes.
cURL Request
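The following example cURL command updates a custom rule. The -k option turns off TLS certificate verification; omit it when Console presents a certificate your client trusts.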
$ curl 'https://<CONSOLE>/api/v<VERSION>/custom-rules/{id}' \
-k \
-X PUT \
-u <USER> \
-H 'Content-Type: application/json' \
-d \
'{
"_id":{id},
"type":"processes",
"message":"unexpected %proc.name was spawned",
"name":"<CUSTOM_RULE_NAME>",
"script":"proc.interactive"
}'
Note: No response will be returned upon successful execution.
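The same update as a small Python client, added here as an example and not taken from the product documentation. It rejects a body whose type is not one of the values this page lists, keeps the URL id and the body _id identical, and treats the HTTP status as the success signal because the endpoint returns no body. The host name, credentials, rule values and the integer type of _id are assumptions.

```python
import base64
import json
import urllib.request

# Rule types listed under "Possible values" for the type field on this page.
RULE_TYPES = {"processes", "filesystem", "network-outgoing",
              "kubernetes-audit", "waas-request", "waas-response"}
REQUIRED = ("_id", "type", "message", "name", "script")  # fields in the cURL body


def build_update_request(console, version, user, password, rule):
    """Validate the rule and return a prepared PUT request (nothing is sent)."""
    missing = [k for k in REQUIRED if k not in rule]
    if missing:
        raise ValueError(f"missing fields: {missing}")
    if rule["type"] not in RULE_TYPES:
        raise ValueError(f"unsupported rule type: {rule['type']!r}")
    # Assumption: _id is an integer, as the unquoted {id} in the cURL body suggests.
    if isinstance(rule["_id"], bool) or not isinstance(rule["_id"], int):
        raise ValueError("_id must be an integer")
    url = f"https://{console}/api/v{version}/custom-rules/{rule['_id']}"
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(
        url,
        data=json.dumps(rule).encode(),
        method="PUT",
        headers={"Content-Type": "application/json",
                 "Authorization": f"Basic {token}"},
    )


def send(req, timeout=10):
    """Send the request with certificate verification on (urllib's default).

    The endpoint returns no body on success, so the status code is the only
    success signal; urlopen raises HTTPError for 4xx/5xx responses.
    """
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status == 200


# Constructed sample rule mirroring the cURL body; all values are placeholders.
SAMPLE_RULE = {"_id": 42, "type": "processes",
               "message": "unexpected %proc.name was spawned",
               "name": "example-rule", "script": "proc.interactive"}
SAMPLE_REQUEST = build_update_request(
    "console.example.com", "33.01", "api-user", "placeholder", SAMPLE_RULE)
```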
Request
Path Parameters
- application/json
Body
Rule ID. Must be unique.
Possible values: [exploitationForPrivilegeEscalation, exploitPublicFacingApplication, applicationExploitRCE, networkServiceScanning, endpointDenialOfService, exfiltrationGeneral, systemNetworkConfigurationDiscovery, unsecuredCredentials, credentialDumping, systemInformationDiscovery, systemNetworkConnectionDiscovery, systemUserDiscovery, accountDiscovery, cloudInstanceMetadataAPI, accessKubeletMainAPI, queryKubeletReadonlyAPI, accessKubernetesAPIServer, softwareDeploymentTools, ingressToolTransfer, lateralToolTransfer, commandAndControlGeneral, resourceHijacking, manInTheMiddle, nativeBinaryExecution, foreignBinaryExecution, createAccount, accountManipulation, abuseElevationControlMechanisms, supplyChainCompromise, obfuscatedFiles, hijackExecutionFlow, impairDefences, scheduledTaskJob, exploitationOfRemoteServices, eventTriggeredExecution, accountAccessRemoval, privilegedContainer, writableVolumes, execIntoContainer, softwareDiscovery, createContainer, kubernetesSecrets, fileAndDirectoryDiscovery, masquerading, webShell, compileAfterDelivery]
List of attack techniques.
Description of the rule.
Macro that is printed as part of the audit/incident message.
Minimum version required to support the rule.
Datetime when the rule was created or last modified.
Name of the rule.
User who created or modified the rule.
Custom script.
Possible values: [processes, filesystem, network-outgoing, kubernetes-audit, waas-request, waas-response]
Type is the type of the custom rule.
VulnIDs is the list of vulnerability IDs.
Responses
- 200
- default
OK