Update Custom Rule
x-prisma-cloud-target-env: {"permission":"policyCustomRules","saas":true,"self-hosted":true}
x-public: true
UpdateCustomRule creates/edits a custom rule
Path Parameters
- id string required
- application/json
Request Body
- _id integer
Rule ID. Must be unique.
- attackTechniques mitre.Technique[]
Possible values: [
exploitationForPrivilegeEscalation,exploitPublicFacingApplication,applicationExploitRCE,networkServiceScanning,endpointDenialOfService,exfiltrationGeneral,systemNetworkConfigurationDiscovery,unsecuredCredentials,credentialDumping,systemInformationDiscovery,systemNetworkConnectionDiscovery,systemUserDiscovery,accountDiscovery,cloudInstanceMetadataAPI,accessKubeletMainAPI,queryKubeletReadonlyAPI,accessKubernetesAPIServer,softwareDeploymentTools,ingressToolTransfer,lateralToolTransfer,commandAndControlGeneral,resourceHijacking,manInTheMiddle,nativeBinaryExecution,foreignBinaryExecution,createAccount,accountManipulation,abuseElevationControlMechanisms,supplyChainCompromise,obfuscatedFiles,hijackExecutionFlow,impairDefences,scheduledTaskJob,exploitationOfRemoteServices,eventTriggeredExecution,accountAccessRemoval,privilegedContainer,writableVolumes,execIntoContainer,softwareDiscovery,createContainer,kubernetesSecrets,fileAndDirectoryDiscovery,masquerading,webShell,compileAfterDelivery
]List of attack techniques.
- description string
Description of the rule.
- message string
Macro that is printed as part of the audit/incident message.
- minVersion string
Minimum version required to support the rule.
- modified int64
Datetime when the rule was created or last modified.
- name string
Name of the rule.
- owner string
User who created or modified the rule.
- script string
Custom script.
- type customrules.Type
Possible values: [
processes,filesystem,network-outgoing,kubernetes-audit,waas-request,waas-response
]Type is the type of the custom rule
- vulnIDs string[]
VulnIDs is the list of vulnerability IDs
- 200
- default
OK