Update Custom Rule

x-prisma-cloud-target-env: {"permission":"policyCustomRules","saas":true,"self-hosted":true}
x-public: true

UpdateCustomRule creates/edits a custom rule

Path Parameters

id string required

application/json

Request Body

_id integer

Rule ID. Must be unique.

attackTechniques mitre.Technique[]

Possible values: [exploitationForPrivilegeEscalation,exploitPublicFacingApplication,applicationExploitRCE,networkServiceScanning,endpointDenialOfService,exfiltrationGeneral,systemNetworkConfigurationDiscovery,unsecuredCredentials,credentialDumping,systemInformationDiscovery,systemNetworkConnectionDiscovery,systemUserDiscovery,accountDiscovery,cloudInstanceMetadataAPI,accessKubeletMainAPI,queryKubeletReadonlyAPI,accessKubernetesAPIServer,softwareDeploymentTools,ingressToolTransfer,lateralToolTransfer,commandAndControlGeneral,resourceHijacking,manInTheMiddle,nativeBinaryExecution,foreignBinaryExecution,createAccount,accountManipulation,abuseElevationControlMechanisms,supplyChainCompromise,obfuscatedFiles,hijackExecutionFlow,impairDefences,scheduledTaskJob,exploitationOfRemoteServices,eventTriggeredExecution,accountAccessRemoval,privilegedContainer,writableVolumes,execIntoContainer,softwareDiscovery,createContainer,kubernetesSecrets,fileAndDirectoryDiscovery,masquerading,webShell,compileAfterDelivery]

List of attack techniques.

description string

Description of the rule.

message string

Macro that is printed as part of the audit/incident message.

minVersion string

Minimum version required to support the rule.

modified int64

Datetime when the rule was created or last modified.

name string

Name of the rule.

owner string

User who created or modified the rule.

script string

Custom script.

type customrules.Type

Possible values: [processes,filesystem,network-outgoing,kubernetes-audit,waas-request,waas-response]

Type is the type of the custom rule

vulnIDs string[]

VulnIDs is the list of vulnerability IDs

Responses

• 200
• default

---

OK

Loading...