Skip to main content

Update Custom Rule

x-prisma-cloud-target-env: {"permission":"policyCustomRules","saas":true,"self-hosted":true}
x-public: true

UpdateCustomRule creates/edits a custom rule

Path Parameters
  • id string required
Request Body
  • _id integer

    Rule ID. Must be unique.

  • attackTechniques mitre.Technique[]

    Possible values: [exploitationForPrivilegeEscalation,exploitPublicFacingApplication,applicationExploitRCE,networkServiceScanning,endpointDenialOfService,exfiltrationGeneral,systemNetworkConfigurationDiscovery,unsecuredCredentials,credentialDumping,systemInformationDiscovery,systemNetworkConnectionDiscovery,systemUserDiscovery,accountDiscovery,cloudInstanceMetadataAPI,accessKubeletMainAPI,queryKubeletReadonlyAPI,accessKubernetesAPIServer,softwareDeploymentTools,ingressToolTransfer,lateralToolTransfer,commandAndControlGeneral,resourceHijacking,manInTheMiddle,nativeBinaryExecution,foreignBinaryExecution,createAccount,accountManipulation,abuseElevationControlMechanisms,supplyChainCompromise,obfuscatedFiles,hijackExecutionFlow,impairDefences,scheduledTaskJob,exploitationOfRemoteServices,eventTriggeredExecution,accountAccessRemoval,privilegedContainer,writableVolumes,execIntoContainer,softwareDiscovery,createContainer,kubernetesSecrets,fileAndDirectoryDiscovery,masquerading,webShell,compileAfterDelivery]

    List of attack techniques.

  • description string

    Description of the rule.

  • message string

    Macro that is printed as part of the audit/incident message.

  • minVersion string

    Minimum version required to support the rule.

  • modified int64

    Datetime when the rule was created or last modified.

  • name string

    Name of the rule.

  • owner string

    User who created or modified the rule.

  • script string

    Custom script.

  • type customrules.Type

    Possible values: [processes,filesystem,network-outgoing,kubernetes-audit,waas-request,waas-response]

    Type is the type of the custom rule

  • vulnIDs string[]

    VulnIDs is the list of vulnerability IDs

Responses

OK

Loading...