Back to Collection Items
Use ChilkatAx-9.5.0-win32.pkg
Procedure Test
Handle hoHttp
Boolean iSuccess
Handle hoJson
Variant vSbRequestBody
Handle hoSbRequestBody
Variant vResp
Handle hoResp
Variant vSbResponseBody
Handle hoSbResponseBody
Handle hoJResp
Integer iRespStatusCode
String sCondition
String sStatus
Integer j
Integer iCount_j
String sStrVal
String sAction
String sQuery
String sAggregation
String sMetric
String sDefaultActivationStatus
String sUserActivationStatus
String sCreatedAt
String sCreationAuthorId
String sDeprecationDate
String sHasExtendedTitle
String sId
String sIsDefault
String sIsDeleted
String sIsEnabled
String sMessage
String sName
String sComplexRule
String sPolicy
String sResourceType
String sDecreaseCriticalityBasedOnEnv
String sDetectionMethod
Integer iEvaluationWindow
String sHardcodedEvaluatorType
String sBaselineUserLocations
Integer iKeepAlive
Integer iMaxSignalDuration
Integer iForgetAfter
Integer iLearningDuration
String sLearningMethod
Integer iLearningThreshold
String sV_type
String sUpdateAuthorId
String sVersion
Integer i
Integer iCount_i
String sTemp1
Boolean bTemp1
// This example assumes the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
Get Create (RefClass(cComChilkatHttp)) To hoHttp
If (Not(IsComObjectCreated(hoHttp))) Begin
Send CreateComObject of hoHttp
End
// Use this online tool to generate code from sample JSON: Generate Code to Create JSON
// The following JSON is sent in the request body.
// {
// "cases": [
// {
// "condition": "<string>",
// "name": "<string>",
// "notifications": [
// "<string>",
// "<string>"
// ],
// "status": "critical"
// },
// {
// "condition": "<string>",
// "name": "<string>",
// "notifications": [
// "<string>",
// "<string>"
// ],
// "status": "critical"
// }
// ],
// "complianceSignalOptions": {
// "defaultActivationStatus": "<boolean>",
// "defaultGroupByFields": [
// "<string>",
// "<string>"
// ],
// "userActivationStatus": "<boolean>",
// "userGroupByFields": [
// "<string>",
// "<string>"
// ]
// },
// "filters": [
// {
// "action": "suppress",
// "query": "<string>"
// },
// {
// "action": "suppress",
// "query": "<string>"
// }
// ],
// "hasExtendedTitle": "<boolean>",
// "isEnabled": "<boolean>",
// "message": "<string>",
// "name": "<string>",
// "options": {
// "complianceRuleOptions": {
// "complexRule": "<boolean>",
// "regoRule": {
// "policy": "<string>",
// "resourceTypes": [
// "<string>",
// "<string>"
// ]
// },
// "resourceType": "<string>",
// "nisic3": {}
// },
// "decreaseCriticalityBasedOnEnv": "<boolean>",
// "detectionMethod": "third_party",
// "evaluationWindow": 3600,
// "hardcodedEvaluatorType": "log4shell",
// "impossibleTravelOptions": {
// "baselineUserLocations": "<boolean>"
// },
// "keepAlive": 10800,
// "maxSignalDuration": 21600,
// "newValueOptions": {
// "forgetAfter": 28,
// "learningDuration": 0,
// "learningMethod": "duration",
// "learningThreshold": 0
// }
// },
// "queries": [
// {
// "aggregation": "max",
// "distinctFields": [
// "<string>",
// "<string>"
// ],
// "groupByFields": [
// "<string>",
// "<string>"
// ],
// "metric": "<string>",
// "metrics": [
// "<string>",
// "<string>"
// ],
// "name": "<string>",
// "query": "<string>"
// },
// {
// "aggregation": "geo_data",
// "distinctFields": [
// "<string>",
// "<string>"
// ],
// "groupByFields": [
// "<string>",
// "<string>"
// ],
// "metric": "<string>",
// "metrics": [
// "<string>",
// "<string>"
// ],
// "name": "<string>",
// "query": "<string>"
// }
// ],
// "tags": [
// "<string>",
// "<string>"
// ],
// "version": "<integer>"
// }
Get Create (RefClass(cComChilkatJsonObject)) To hoJson
If (Not(IsComObjectCreated(hoJson))) Begin
Send CreateComObject of hoJson
End
Get ComUpdateString Of hoJson "cases[0].condition" "<string>" To iSuccess
Get ComUpdateString Of hoJson "cases[0].name" "<string>" To iSuccess
Get ComUpdateString Of hoJson "cases[0].notifications[0]" "<string>" To iSuccess
Get ComUpdateString Of hoJson "cases[0].notifications[1]" "<string>" To iSuccess
Get ComUpdateString Of hoJson "cases[0].status" "critical" To iSuccess
Get ComUpdateString Of hoJson "cases[1].condition" "<string>" To iSuccess
Get ComUpdateString Of hoJson "cases[1].name" "<string>" To iSuccess
Get ComUpdateString Of hoJson "cases[1].notifications[0]" "<string>" To iSuccess
Get ComUpdateString Of hoJson "cases[1].notifications[1]" "<string>" To iSuccess
Get ComUpdateString Of hoJson "cases[1].status" "critical" To iSuccess
Get ComUpdateString Of hoJson "complianceSignalOptions.defaultActivationStatus" "<boolean>" To iSuccess
Get ComUpdateString Of hoJson "complianceSignalOptions.defaultGroupByFields[0]" "<string>" To iSuccess
Get ComUpdateString Of hoJson "complianceSignalOptions.defaultGroupByFields[1]" "<string>" To iSuccess
Get ComUpdateString Of hoJson "complianceSignalOptions.userActivationStatus" "<boolean>" To iSuccess
Get ComUpdateString Of hoJson "complianceSignalOptions.userGroupByFields[0]" "<string>" To iSuccess
Get ComUpdateString Of hoJson "complianceSignalOptions.userGroupByFields[1]" "<string>" To iSuccess
Get ComUpdateString Of hoJson "filters[0].action" "suppress" To iSuccess
Get ComUpdateString Of hoJson "filters[0].query" "<string>" To iSuccess
Get ComUpdateString Of hoJson "filters[1].action" "suppress" To iSuccess
Get ComUpdateString Of hoJson "filters[1].query" "<string>" To iSuccess
Get ComUpdateString Of hoJson "hasExtendedTitle" "<boolean>" To iSuccess
Get ComUpdateString Of hoJson "isEnabled" "<boolean>" To iSuccess
Get ComUpdateString Of hoJson "message" "<string>" To iSuccess
Get ComUpdateString Of hoJson "name" "<string>" To iSuccess
Get ComUpdateString Of hoJson "options.complianceRuleOptions.complexRule" "<boolean>" To iSuccess
Get ComUpdateString Of hoJson "options.complianceRuleOptions.regoRule.policy" "<string>" To iSuccess
Get ComUpdateString Of hoJson "options.complianceRuleOptions.regoRule.resourceTypes[0]" "<string>" To iSuccess
Get ComUpdateString Of hoJson "options.complianceRuleOptions.regoRule.resourceTypes[1]" "<string>" To iSuccess
Get ComUpdateString Of hoJson "options.complianceRuleOptions.resourceType" "<string>" To iSuccess
Get ComUpdateNewObject Of hoJson "options.complianceRuleOptions.nisic3" To iSuccess
Get ComUpdateString Of hoJson "options.decreaseCriticalityBasedOnEnv" "<boolean>" To iSuccess
Get ComUpdateString Of hoJson "options.detectionMethod" "third_party" To iSuccess
Get ComUpdateInt Of hoJson "options.evaluationWindow" 3600 To iSuccess
Get ComUpdateString Of hoJson "options.hardcodedEvaluatorType" "log4shell" To iSuccess
Get ComUpdateString Of hoJson "options.impossibleTravelOptions.baselineUserLocations" "<boolean>" To iSuccess
Get ComUpdateInt Of hoJson "options.keepAlive" 10800 To iSuccess
Get ComUpdateInt Of hoJson "options.maxSignalDuration" 21600 To iSuccess
Get ComUpdateInt Of hoJson "options.newValueOptions.forgetAfter" 28 To iSuccess
Get ComUpdateInt Of hoJson "options.newValueOptions.learningDuration" 0 To iSuccess
Get ComUpdateString Of hoJson "options.newValueOptions.learningMethod" "duration" To iSuccess
Get ComUpdateInt Of hoJson "options.newValueOptions.learningThreshold" 0 To iSuccess
Get ComUpdateString Of hoJson "queries[0].aggregation" "max" To iSuccess
Get ComUpdateString Of hoJson "queries[0].distinctFields[0]" "<string>" To iSuccess
Get ComUpdateString Of hoJson "queries[0].distinctFields[1]" "<string>" To iSuccess
Get ComUpdateString Of hoJson "queries[0].groupByFields[0]" "<string>" To iSuccess
Get ComUpdateString Of hoJson "queries[0].groupByFields[1]" "<string>" To iSuccess
Get ComUpdateString Of hoJson "queries[0].metric" "<string>" To iSuccess
Get ComUpdateString Of hoJson "queries[0].metrics[0]" "<string>" To iSuccess
Get ComUpdateString Of hoJson "queries[0].metrics[1]" "<string>" To iSuccess
Get ComUpdateString Of hoJson "queries[0].name" "<string>" To iSuccess
Get ComUpdateString Of hoJson "queries[0].query" "<string>" To iSuccess
Get ComUpdateString Of hoJson "queries[1].aggregation" "geo_data" To iSuccess
Get ComUpdateString Of hoJson "queries[1].distinctFields[0]" "<string>" To iSuccess
Get ComUpdateString Of hoJson "queries[1].distinctFields[1]" "<string>" To iSuccess
Get ComUpdateString Of hoJson "queries[1].groupByFields[0]" "<string>" To iSuccess
Get ComUpdateString Of hoJson "queries[1].groupByFields[1]" "<string>" To iSuccess
Get ComUpdateString Of hoJson "queries[1].metric" "<string>" To iSuccess
Get ComUpdateString Of hoJson "queries[1].metrics[0]" "<string>" To iSuccess
Get ComUpdateString Of hoJson "queries[1].metrics[1]" "<string>" To iSuccess
Get ComUpdateString Of hoJson "queries[1].name" "<string>" To iSuccess
Get ComUpdateString Of hoJson "queries[1].query" "<string>" To iSuccess
Get ComUpdateString Of hoJson "tags[0]" "<string>" To iSuccess
Get ComUpdateString Of hoJson "tags[1]" "<string>" To iSuccess
Get ComUpdateString Of hoJson "version" "<integer>" To iSuccess
Send ComSetRequestHeader To hoHttp "Content-Type" "application/json"
Send ComSetRequestHeader To hoHttp "Accept" "application/json"
Get Create (RefClass(cComChilkatStringBuilder)) To hoSbRequestBody
If (Not(IsComObjectCreated(hoSbRequestBody))) Begin
Send CreateComObject of hoSbRequestBody
End
Get pvComObject of hoSbRequestBody to vSbRequestBody
Get ComEmitSb Of hoJson vSbRequestBody To iSuccess
Get pvComObject of hoSbRequestBody to vSbRequestBody
Get ComPTextSb Of hoHttp "PUT" "https://api.app.ddog-gov.com/api/v2/security_monitoring/rules/:rule_id" vSbRequestBody "utf-8" "application/json" False False To vResp
If (IsComObject(vResp)) Begin
Get Create (RefClass(cComChilkatHttpResponse)) To hoResp
Set pvComObject Of hoResp To vResp
End
Get ComLastMethodSuccess Of hoHttp To bTemp1
If (bTemp1 = False) Begin
Get ComLastErrorText Of hoHttp To sTemp1
Showln sTemp1
Procedure_Return
End
Get Create (RefClass(cComChilkatStringBuilder)) To hoSbResponseBody
If (Not(IsComObjectCreated(hoSbResponseBody))) Begin
Send CreateComObject of hoSbResponseBody
End
Get pvComObject of hoSbResponseBody to vSbResponseBody
Get ComGetBodySb Of hoResp vSbResponseBody To iSuccess
Get Create (RefClass(cComChilkatJsonObject)) To hoJResp
If (Not(IsComObjectCreated(hoJResp))) Begin
Send CreateComObject of hoJResp
End
Get pvComObject of hoSbResponseBody to vSbResponseBody
Get ComLoadSb Of hoJResp vSbResponseBody To iSuccess
Set ComEmitCompact Of hoJResp To False
Showln "Response Body:"
Get ComEmit Of hoJResp To sTemp1
Showln sTemp1
Get ComStatusCode Of hoResp To iRespStatusCode
Showln "Response Status Code = " iRespStatusCode
If (iRespStatusCode >= 400) Begin
Showln "Response Header:"
Get ComHeader Of hoResp To sTemp1
Showln sTemp1
Showln "Failed."
Send Destroy of hoResp
Procedure_Return
End
Send Destroy of hoResp
// Sample JSON response:
// (Sample code for parsing the JSON response is shown below)
// {
// "cases": [
// {
// "condition": "<string>",
// "name": "<string>",
// "notifications": [
// "<string>",
// "<string>"
// ],
// "status": "medium"
// },
// {
// "condition": "<string>",
// "name": "<string>",
// "notifications": [
// "<string>",
// "<string>"
// ],
// "status": "critical"
// }
// ],
// "complianceSignalOptions": {
// "defaultActivationStatus": "<boolean>",
// "defaultGroupByFields": [
// "<string>",
// "<string>"
// ],
// "userActivationStatus": "<boolean>",
// "userGroupByFields": [
// "<string>",
// "<string>"
// ]
// },
// "createdAt": "<long>",
// "creationAuthorId": "<long>",
// "deprecationDate": "<long>",
// "filters": [
// {
// "action": "suppress",
// "query": "<string>"
// },
// {
// "action": "require",
// "query": "<string>"
// }
// ],
// "hasExtendedTitle": "<boolean>",
// "id": "<string>",
// "isDefault": "<boolean>",
// "isDeleted": "<boolean>",
// "isEnabled": "<boolean>",
// "message": "<string>",
// "name": "<string>",
// "options": {
// "complianceRuleOptions": {
// "complexRule": "<boolean>",
// "regoRule": {
// "policy": "<string>",
// "resourceTypes": [
// "<string>",
// "<string>"
// ]
// },
// "resourceType": "<string>"
// },
// "decreaseCriticalityBasedOnEnv": "<boolean>",
// "detectionMethod": "third_party",
// "evaluationWindow": 300,
// "hardcodedEvaluatorType": "log4shell",
// "impossibleTravelOptions": {
// "baselineUserLocations": "<boolean>"
// },
// "keepAlive": 300,
// "maxSignalDuration": 900,
// "newValueOptions": {
// "forgetAfter": 28,
// "learningDuration": 0,
// "learningMethod": "duration",
// "learningThreshold": 0
// }
// },
// "queries": [
// {
// "aggregation": "max",
// "distinctFields": [
// "<string>",
// "<string>"
// ],
// "groupByFields": [
// "<string>",
// "<string>"
// ],
// "metric": "<string>",
// "metrics": [
// "<string>",
// "<string>"
// ],
// "name": "<string>",
// "query": "<string>"
// },
// {
// "aggregation": "max",
// "distinctFields": [
// "<string>",
// "<string>"
// ],
// "groupByFields": [
// "<string>",
// "<string>"
// ],
// "metric": "<string>",
// "metrics": [
// "<string>",
// "<string>"
// ],
// "name": "<string>",
// "query": "<string>"
// }
// ],
// "tags": [
// "<string>",
// "<string>"
// ],
// "type": "application_security",
// "updateAuthorId": "<long>",
// "version": "<long>"
// }
// Sample code for parsing the JSON response...
// Use this online tool to generate parsing code from sample JSON: Generate JSON Parsing Code
Get ComStringOf Of hoJResp "complianceSignalOptions.defaultActivationStatus" To sDefaultActivationStatus
Get ComStringOf Of hoJResp "complianceSignalOptions.userActivationStatus" To sUserActivationStatus
Get ComStringOf Of hoJResp "createdAt" To sCreatedAt
Get ComStringOf Of hoJResp "creationAuthorId" To sCreationAuthorId
Get ComStringOf Of hoJResp "deprecationDate" To sDeprecationDate
Get ComStringOf Of hoJResp "hasExtendedTitle" To sHasExtendedTitle
Get ComStringOf Of hoJResp "id" To sId
Get ComStringOf Of hoJResp "isDefault" To sIsDefault
Get ComStringOf Of hoJResp "isDeleted" To sIsDeleted
Get ComStringOf Of hoJResp "isEnabled" To sIsEnabled
Get ComStringOf Of hoJResp "message" To sMessage
Get ComStringOf Of hoJResp "name" To sName
Get ComStringOf Of hoJResp "options.complianceRuleOptions.complexRule" To sComplexRule
Get ComStringOf Of hoJResp "options.complianceRuleOptions.regoRule.policy" To sPolicy
Get ComStringOf Of hoJResp "options.complianceRuleOptions.resourceType" To sResourceType
Get ComStringOf Of hoJResp "options.decreaseCriticalityBasedOnEnv" To sDecreaseCriticalityBasedOnEnv
Get ComStringOf Of hoJResp "options.detectionMethod" To sDetectionMethod
Get ComIntOf Of hoJResp "options.evaluationWindow" To iEvaluationWindow
Get ComStringOf Of hoJResp "options.hardcodedEvaluatorType" To sHardcodedEvaluatorType
Get ComStringOf Of hoJResp "options.impossibleTravelOptions.baselineUserLocations" To sBaselineUserLocations
Get ComIntOf Of hoJResp "options.keepAlive" To iKeepAlive
Get ComIntOf Of hoJResp "options.maxSignalDuration" To iMaxSignalDuration
Get ComIntOf Of hoJResp "options.newValueOptions.forgetAfter" To iForgetAfter
Get ComIntOf Of hoJResp "options.newValueOptions.learningDuration" To iLearningDuration
Get ComStringOf Of hoJResp "options.newValueOptions.learningMethod" To sLearningMethod
Get ComIntOf Of hoJResp "options.newValueOptions.learningThreshold" To iLearningThreshold
Get ComStringOf Of hoJResp "type" To sV_type
Get ComStringOf Of hoJResp "updateAuthorId" To sUpdateAuthorId
Get ComStringOf Of hoJResp "version" To sVersion
Move 0 To i
Get ComSizeOfArray Of hoJResp "cases" To iCount_i
While (i < iCount_i)
Set ComI Of hoJResp To i
Get ComStringOf Of hoJResp "cases[i].condition" To sCondition
Get ComStringOf Of hoJResp "cases[i].name" To sName
Get ComStringOf Of hoJResp "cases[i].status" To sStatus
Move 0 To j
Get ComSizeOfArray Of hoJResp "cases[i].notifications" To iCount_j
While (j < iCount_j)
Set ComJ Of hoJResp To j
Get ComStringOf Of hoJResp "cases[i].notifications[j]" To sStrVal
Move (j + 1) To j
Loop
Move (i + 1) To i
Loop
Move 0 To i
Get ComSizeOfArray Of hoJResp "complianceSignalOptions.defaultGroupByFields" To iCount_i
While (i < iCount_i)
Set ComI Of hoJResp To i
Get ComStringOf Of hoJResp "complianceSignalOptions.defaultGroupByFields[i]" To sStrVal
Move (i + 1) To i
Loop
Move 0 To i
Get ComSizeOfArray Of hoJResp "complianceSignalOptions.userGroupByFields" To iCount_i
While (i < iCount_i)
Set ComI Of hoJResp To i
Get ComStringOf Of hoJResp "complianceSignalOptions.userGroupByFields[i]" To sStrVal
Move (i + 1) To i
Loop
Move 0 To i
Get ComSizeOfArray Of hoJResp "filters" To iCount_i
While (i < iCount_i)
Set ComI Of hoJResp To i
Get ComStringOf Of hoJResp "filters[i].action" To sAction
Get ComStringOf Of hoJResp "filters[i].query" To sQuery
Move (i + 1) To i
Loop
Move 0 To i
Get ComSizeOfArray Of hoJResp "options.complianceRuleOptions.regoRule.resourceTypes" To iCount_i
While (i < iCount_i)
Set ComI Of hoJResp To i
Get ComStringOf Of hoJResp "options.complianceRuleOptions.regoRule.resourceTypes[i]" To sStrVal
Move (i + 1) To i
Loop
Move 0 To i
Get ComSizeOfArray Of hoJResp "queries" To iCount_i
While (i < iCount_i)
Set ComI Of hoJResp To i
Get ComStringOf Of hoJResp "queries[i].aggregation" To sAggregation
Get ComStringOf Of hoJResp "queries[i].metric" To sMetric
Get ComStringOf Of hoJResp "queries[i].name" To sName
Get ComStringOf Of hoJResp "queries[i].query" To sQuery
Move 0 To j
Get ComSizeOfArray Of hoJResp "queries[i].distinctFields" To iCount_j
While (j < iCount_j)
Set ComJ Of hoJResp To j
Get ComStringOf Of hoJResp "queries[i].distinctFields[j]" To sStrVal
Move (j + 1) To j
Loop
Move 0 To j
Get ComSizeOfArray Of hoJResp "queries[i].groupByFields" To iCount_j
While (j < iCount_j)
Set ComJ Of hoJResp To j
Get ComStringOf Of hoJResp "queries[i].groupByFields[j]" To sStrVal
Move (j + 1) To j
Loop
Move 0 To j
Get ComSizeOfArray Of hoJResp "queries[i].metrics" To iCount_j
While (j < iCount_j)
Set ComJ Of hoJResp To j
Get ComStringOf Of hoJResp "queries[i].metrics[j]" To sStrVal
Move (j + 1) To j
Loop
Move (i + 1) To i
Loop
Move 0 To i
Get ComSizeOfArray Of hoJResp "tags" To iCount_i
While (i < iCount_i)
Set ComI Of hoJResp To i
Get ComStringOf Of hoJResp "tags[i]" To sStrVal
Move (i + 1) To i
Loop
End_Procedure
Curl Command
curl -X PUT
-H "Content-Type: application/json"
-H "Accept: application/json"
-d '{
"cases": [
{
"condition": "<string>",
"name": "<string>",
"notifications": [
"<string>",
"<string>"
],
"status": "critical"
},
{
"condition": "<string>",
"name": "<string>",
"notifications": [
"<string>",
"<string>"
],
"status": "critical"
}
],
"complianceSignalOptions": {
"defaultActivationStatus": "<boolean>",
"defaultGroupByFields": [
"<string>",
"<string>"
],
"userActivationStatus": "<boolean>",
"userGroupByFields": [
"<string>",
"<string>"
]
},
"filters": [
{
"action": "suppress",
"query": "<string>"
},
{
"action": "suppress",
"query": "<string>"
}
],
"hasExtendedTitle": "<boolean>",
"isEnabled": "<boolean>",
"message": "<string>",
"name": "<string>",
"options": {
"complianceRuleOptions": {
"complexRule": "<boolean>",
"regoRule": {
"policy": "<string>",
"resourceTypes": [
"<string>",
"<string>"
]
},
"resourceType": "<string>",
"nisic3": {}
},
"decreaseCriticalityBasedOnEnv": "<boolean>",
"detectionMethod": "third_party",
"evaluationWindow": 3600,
"hardcodedEvaluatorType": "log4shell",
"impossibleTravelOptions": {
"baselineUserLocations": "<boolean>"
},
"keepAlive": 10800,
"maxSignalDuration": 21600,
"newValueOptions": {
"forgetAfter": 28,
"learningDuration": 0,
"learningMethod": "duration",
"learningThreshold": 0
}
},
"queries": [
{
"aggregation": "max",
"distinctFields": [
"<string>",
"<string>"
],
"groupByFields": [
"<string>",
"<string>"
],
"metric": "<string>",
"metrics": [
"<string>",
"<string>"
],
"name": "<string>",
"query": "<string>"
},
{
"aggregation": "geo_data",
"distinctFields": [
"<string>",
"<string>"
],
"groupByFields": [
"<string>",
"<string>"
],
"metric": "<string>",
"metrics": [
"<string>",
"<string>"
],
"name": "<string>",
"query": "<string>"
}
],
"tags": [
"<string>",
"<string>"
],
"version": "<integer>"
}'
https://api.app.ddog-gov.com/api/v2/security_monitoring/rules/:rule_id
Postman Collection Item JSON
{
"name": "Update an existing rule",
"request": {
"method": "PUT",
"header": [
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Accept",
"value": "application/json"
}
],
"body": {
"mode": "raw",
"raw": "{\n \"cases\": [\n {\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ],\n \"status\": \"critical\"\n },\n {\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ],\n \"status\": \"critical\"\n }\n ],\n \"complianceSignalOptions\": {\n \"defaultActivationStatus\": \"<boolean>\",\n \"defaultGroupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"userActivationStatus\": \"<boolean>\",\n \"userGroupByFields\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n \"filters\": [\n {\n \"action\": \"suppress\",\n \"query\": \"<string>\"\n },\n {\n \"action\": \"suppress\",\n \"query\": \"<string>\"\n }\n ],\n \"hasExtendedTitle\": \"<boolean>\",\n \"isEnabled\": \"<boolean>\",\n \"message\": \"<string>\",\n \"name\": \"<string>\",\n \"options\": {\n \"complianceRuleOptions\": {\n \"complexRule\": \"<boolean>\",\n \"regoRule\": {\n \"policy\": \"<string>\",\n \"resourceTypes\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n \"resourceType\": \"<string>\",\n \"nisic3\": {}\n },\n \"decreaseCriticalityBasedOnEnv\": \"<boolean>\",\n \"detectionMethod\": \"third_party\",\n \"evaluationWindow\": 3600,\n \"hardcodedEvaluatorType\": \"log4shell\",\n \"impossibleTravelOptions\": {\n \"baselineUserLocations\": \"<boolean>\"\n },\n \"keepAlive\": 10800,\n \"maxSignalDuration\": 21600,\n \"newValueOptions\": {\n \"forgetAfter\": 28,\n \"learningDuration\": 0,\n \"learningMethod\": \"duration\",\n \"learningThreshold\": 0\n }\n },\n \"queries\": [\n {\n \"aggregation\": \"max\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n },\n {\n \"aggregation\": \"geo_data\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n }\n ],\n \"tags\": [\n \"<string>\",\n \"<string>\"\n ],\n \"version\": \"<integer>\"\n}",
"options": {
"raw": {
"headerFamily": "json",
"language": "json"
}
}
},
"url": {
"raw": "{{baseUrl}}/api/v2/security_monitoring/rules/:rule_id",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"security_monitoring",
"rules",
":rule_id"
],
"variable": [
{
"key": "rule_id",
"value": "<string>"
}
]
},
"description": "Update an existing rule. When updating `cases`, `queries` or `options`, the whole field\nmust be included. For example, when modifying a query all queries must be included.\nDefault rules can only be updated to be enabled and to change notifications."
},
"response": [
{
"name": "OK",
"originalRequest": {
"method": "PUT",
"header": [
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Accept",
"value": "application/json"
},
{
"description": "Added as a part of security scheme: apikey",
"key": "DD-API-KEY",
"value": "<API Key>"
}
],
"body": {
"mode": "raw",
"raw": "{\n \"cases\": [\n {\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ],\n \"status\": \"critical\"\n },\n {\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ],\n \"status\": \"critical\"\n }\n ],\n \"complianceSignalOptions\": {\n \"defaultActivationStatus\": \"<boolean>\",\n \"defaultGroupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"userActivationStatus\": \"<boolean>\",\n \"userGroupByFields\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n \"filters\": [\n {\n \"action\": \"suppress\",\n \"query\": \"<string>\"\n },\n {\n \"action\": \"suppress\",\n \"query\": \"<string>\"\n }\n ],\n \"hasExtendedTitle\": \"<boolean>\",\n \"isEnabled\": \"<boolean>\",\n \"message\": \"<string>\",\n \"name\": \"<string>\",\n \"options\": {\n \"complianceRuleOptions\": {\n \"complexRule\": \"<boolean>\",\n \"regoRule\": {\n \"policy\": \"<string>\",\n \"resourceTypes\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n \"resourceType\": \"<string>\",\n \"nisic3\": {}\n },\n \"decreaseCriticalityBasedOnEnv\": \"<boolean>\",\n \"detectionMethod\": \"third_party\",\n \"evaluationWindow\": 3600,\n \"hardcodedEvaluatorType\": \"log4shell\",\n \"impossibleTravelOptions\": {\n \"baselineUserLocations\": \"<boolean>\"\n },\n \"keepAlive\": 10800,\n \"maxSignalDuration\": 21600,\n \"newValueOptions\": {\n \"forgetAfter\": 28,\n \"learningDuration\": 0,\n \"learningMethod\": \"duration\",\n \"learningThreshold\": 0\n }\n },\n \"queries\": [\n {\n \"aggregation\": \"max\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n },\n {\n \"aggregation\": \"geo_data\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n }\n ],\n \"tags\": [\n \"<string>\",\n \"<string>\"\n ],\n \"version\": \"<integer>\"\n}",
"options": {
"raw": {
"headerFamily": "json",
"language": "json"
}
}
},
"url": {
"raw": "{{baseUrl}}/api/v2/security_monitoring/rules/:rule_id",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"security_monitoring",
"rules",
":rule_id"
],
"variable": [
{
"key": "rule_id"
}
]
}
},
"status": "OK",
"code": 200,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"cookie": [
],
"body": "{\n \"cases\": [\n {\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ],\n \"status\": \"medium\"\n },\n {\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ],\n \"status\": \"critical\"\n }\n ],\n \"complianceSignalOptions\": {\n \"defaultActivationStatus\": \"<boolean>\",\n \"defaultGroupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"userActivationStatus\": \"<boolean>\",\n \"userGroupByFields\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n \"createdAt\": \"<long>\",\n \"creationAuthorId\": \"<long>\",\n \"deprecationDate\": \"<long>\",\n \"filters\": [\n {\n \"action\": \"suppress\",\n \"query\": \"<string>\"\n },\n {\n \"action\": \"require\",\n \"query\": \"<string>\"\n }\n ],\n \"hasExtendedTitle\": \"<boolean>\",\n \"id\": \"<string>\",\n \"isDefault\": \"<boolean>\",\n \"isDeleted\": \"<boolean>\",\n \"isEnabled\": \"<boolean>\",\n \"message\": \"<string>\",\n \"name\": \"<string>\",\n \"options\": {\n \"complianceRuleOptions\": {\n \"complexRule\": \"<boolean>\",\n \"regoRule\": {\n \"policy\": \"<string>\",\n \"resourceTypes\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n \"resourceType\": \"<string>\"\n },\n \"decreaseCriticalityBasedOnEnv\": \"<boolean>\",\n \"detectionMethod\": \"third_party\",\n \"evaluationWindow\": 300,\n \"hardcodedEvaluatorType\": \"log4shell\",\n \"impossibleTravelOptions\": {\n \"baselineUserLocations\": \"<boolean>\"\n },\n \"keepAlive\": 300,\n \"maxSignalDuration\": 900,\n \"newValueOptions\": {\n \"forgetAfter\": 28,\n \"learningDuration\": 0,\n \"learningMethod\": \"duration\",\n \"learningThreshold\": 0\n }\n },\n \"queries\": [\n {\n \"aggregation\": \"max\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n },\n {\n \"aggregation\": \"max\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n }\n ],\n \"tags\": [\n \"<string>\",\n \"<string>\"\n ],\n \"type\": \"application_security\",\n \"updateAuthorId\": \"<long>\",\n \"version\": \"<long>\"\n}"
},
{
"name": "Bad Request",
"originalRequest": {
"method": "PUT",
"header": [
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Accept",
"value": "application/json"
},
{
"description": "Added as a part of security scheme: apikey",
"key": "DD-API-KEY",
"value": "<API Key>"
}
],
"body": {
"mode": "raw",
"raw": "{\n \"cases\": [\n {\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ],\n \"status\": \"critical\"\n },\n {\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ],\n \"status\": \"critical\"\n }\n ],\n \"complianceSignalOptions\": {\n \"defaultActivationStatus\": \"<boolean>\",\n \"defaultGroupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"userActivationStatus\": \"<boolean>\",\n \"userGroupByFields\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n \"filters\": [\n {\n \"action\": \"suppress\",\n \"query\": \"<string>\"\n },\n {\n \"action\": \"suppress\",\n \"query\": \"<string>\"\n }\n ],\n \"hasExtendedTitle\": \"<boolean>\",\n \"isEnabled\": \"<boolean>\",\n \"message\": \"<string>\",\n \"name\": \"<string>\",\n \"options\": {\n \"complianceRuleOptions\": {\n \"complexRule\": \"<boolean>\",\n \"regoRule\": {\n \"policy\": \"<string>\",\n \"resourceTypes\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n \"resourceType\": \"<string>\",\n \"nisic3\": {}\n },\n \"decreaseCriticalityBasedOnEnv\": \"<boolean>\",\n \"detectionMethod\": \"third_party\",\n \"evaluationWindow\": 3600,\n \"hardcodedEvaluatorType\": \"log4shell\",\n \"impossibleTravelOptions\": {\n \"baselineUserLocations\": \"<boolean>\"\n },\n \"keepAlive\": 10800,\n \"maxSignalDuration\": 21600,\n \"newValueOptions\": {\n \"forgetAfter\": 28,\n \"learningDuration\": 0,\n \"learningMethod\": \"duration\",\n \"learningThreshold\": 0\n }\n },\n \"queries\": [\n {\n \"aggregation\": \"max\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n },\n {\n \"aggregation\": \"geo_data\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n }\n ],\n \"tags\": [\n \"<string>\",\n \"<string>\"\n ],\n \"version\": \"<integer>\"\n}",
"options": {
"raw": {
"headerFamily": "json",
"language": "json"
}
}
},
"url": {
"raw": "{{baseUrl}}/api/v2/security_monitoring/rules/:rule_id",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"security_monitoring",
"rules",
":rule_id"
],
"variable": [
{
"key": "rule_id"
}
]
}
},
"status": "Bad Request",
"code": 400,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"cookie": [
],
"body": "{\n \"errors\": [\n \"<string>\",\n \"<string>\"\n ]\n}"
},
{
"name": "Concurrent Modification",
"originalRequest": {
"method": "PUT",
"header": [
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Accept",
"value": "application/json"
},
{
"description": "Added as a part of security scheme: apikey",
"key": "DD-API-KEY",
"value": "<API Key>"
}
],
"body": {
"mode": "raw",
"raw": "{\n \"cases\": [\n {\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ],\n \"status\": \"critical\"\n },\n {\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ],\n \"status\": \"critical\"\n }\n ],\n \"complianceSignalOptions\": {\n \"defaultActivationStatus\": \"<boolean>\",\n \"defaultGroupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"userActivationStatus\": \"<boolean>\",\n \"userGroupByFields\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n \"filters\": [\n {\n \"action\": \"suppress\",\n \"query\": \"<string>\"\n },\n {\n \"action\": \"suppress\",\n \"query\": \"<string>\"\n }\n ],\n \"hasExtendedTitle\": \"<boolean>\",\n \"isEnabled\": \"<boolean>\",\n \"message\": \"<string>\",\n \"name\": \"<string>\",\n \"options\": {\n \"complianceRuleOptions\": {\n \"complexRule\": \"<boolean>\",\n \"regoRule\": {\n \"policy\": \"<string>\",\n \"resourceTypes\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n \"resourceType\": \"<string>\",\n \"nisic3\": {}\n },\n \"decreaseCriticalityBasedOnEnv\": \"<boolean>\",\n \"detectionMethod\": \"third_party\",\n \"evaluationWindow\": 3600,\n \"hardcodedEvaluatorType\": \"log4shell\",\n \"impossibleTravelOptions\": {\n \"baselineUserLocations\": \"<boolean>\"\n },\n \"keepAlive\": 10800,\n \"maxSignalDuration\": 21600,\n \"newValueOptions\": {\n \"forgetAfter\": 28,\n \"learningDuration\": 0,\n \"learningMethod\": \"duration\",\n \"learningThreshold\": 0\n }\n },\n \"queries\": [\n {\n \"aggregation\": \"max\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n },\n {\n \"aggregation\": \"geo_data\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n }\n ],\n \"tags\": [\n \"<string>\",\n \"<string>\"\n ],\n \"version\": \"<integer>\"\n}",
"options": {
"raw": {
"headerFamily": "json",
"language": "json"
}
}
},
"url": {
"raw": "{{baseUrl}}/api/v2/security_monitoring/rules/:rule_id",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"security_monitoring",
"rules",
":rule_id"
],
"variable": [
{
"key": "rule_id"
}
]
}
},
"status": "Unauthorized",
"code": 401,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"cookie": [
],
"body": "{\n \"errors\": [\n \"<string>\",\n \"<string>\"\n ]\n}"
},
{
"name": "Not Authorized",
"originalRequest": {
"method": "PUT",
"header": [
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Accept",
"value": "application/json"
},
{
"description": "Added as a part of security scheme: apikey",
"key": "DD-API-KEY",
"value": "<API Key>"
}
],
"body": {
"mode": "raw",
"raw": "{\n \"cases\": [\n {\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ],\n \"status\": \"critical\"\n },\n {\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ],\n \"status\": \"critical\"\n }\n ],\n \"complianceSignalOptions\": {\n \"defaultActivationStatus\": \"<boolean>\",\n \"defaultGroupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"userActivationStatus\": \"<boolean>\",\n \"userGroupByFields\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n \"filters\": [\n {\n \"action\": \"suppress\",\n \"query\": \"<string>\"\n },\n {\n \"action\": \"suppress\",\n \"query\": \"<string>\"\n }\n ],\n \"hasExtendedTitle\": \"<boolean>\",\n \"isEnabled\": \"<boolean>\",\n \"message\": \"<string>\",\n \"name\": \"<string>\",\n \"options\": {\n \"complianceRuleOptions\": {\n \"complexRule\": \"<boolean>\",\n \"regoRule\": {\n \"policy\": \"<string>\",\n \"resourceTypes\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n \"resourceType\": \"<string>\",\n \"nisic3\": {}\n },\n \"decreaseCriticalityBasedOnEnv\": \"<boolean>\",\n \"detectionMethod\": \"third_party\",\n \"evaluationWindow\": 3600,\n \"hardcodedEvaluatorType\": \"log4shell\",\n \"impossibleTravelOptions\": {\n \"baselineUserLocations\": \"<boolean>\"\n },\n \"keepAlive\": 10800,\n \"maxSignalDuration\": 21600,\n \"newValueOptions\": {\n \"forgetAfter\": 28,\n \"learningDuration\": 0,\n \"learningMethod\": \"duration\",\n \"learningThreshold\": 0\n }\n },\n \"queries\": [\n {\n \"aggregation\": \"max\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n },\n {\n \"aggregation\": \"geo_data\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n }\n ],\n \"tags\": [\n \"<string>\",\n \"<string>\"\n ],\n \"version\": \"<integer>\"\n}",
"options": {
"raw": {
"headerFamily": "json",
"language": "json"
}
}
},
"url": {
"raw": "{{baseUrl}}/api/v2/security_monitoring/rules/:rule_id",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"security_monitoring",
"rules",
":rule_id"
],
"variable": [
{
"key": "rule_id"
}
]
}
},
"status": "Forbidden",
"code": 403,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"cookie": [
],
"body": "{\n \"errors\": [\n \"<string>\",\n \"<string>\"\n ]\n}"
},
{
"name": "Not Found",
"originalRequest": {
"method": "PUT",
"header": [
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Accept",
"value": "application/json"
},
{
"description": "Added as a part of security scheme: apikey",
"key": "DD-API-KEY",
"value": "<API Key>"
}
],
"body": {
"mode": "raw",
"raw": "{\n \"cases\": [\n {\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ],\n \"status\": \"critical\"\n },\n {\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ],\n \"status\": \"critical\"\n }\n ],\n \"complianceSignalOptions\": {\n \"defaultActivationStatus\": \"<boolean>\",\n \"defaultGroupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"userActivationStatus\": \"<boolean>\",\n \"userGroupByFields\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n \"filters\": [\n {\n \"action\": \"suppress\",\n \"query\": \"<string>\"\n },\n {\n \"action\": \"suppress\",\n \"query\": \"<string>\"\n }\n ],\n \"hasExtendedTitle\": \"<boolean>\",\n \"isEnabled\": \"<boolean>\",\n \"message\": \"<string>\",\n \"name\": \"<string>\",\n \"options\": {\n \"complianceRuleOptions\": {\n \"complexRule\": \"<boolean>\",\n \"regoRule\": {\n \"policy\": \"<string>\",\n \"resourceTypes\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n \"resourceType\": \"<string>\",\n \"nisic3\": {}\n },\n \"decreaseCriticalityBasedOnEnv\": \"<boolean>\",\n \"detectionMethod\": \"third_party\",\n \"evaluationWindow\": 3600,\n \"hardcodedEvaluatorType\": \"log4shell\",\n \"impossibleTravelOptions\": {\n \"baselineUserLocations\": \"<boolean>\"\n },\n \"keepAlive\": 10800,\n \"maxSignalDuration\": 21600,\n \"newValueOptions\": {\n \"forgetAfter\": 28,\n \"learningDuration\": 0,\n \"learningMethod\": \"duration\",\n \"learningThreshold\": 0\n }\n },\n \"queries\": [\n {\n \"aggregation\": \"max\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n },\n {\n \"aggregation\": \"geo_data\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n }\n ],\n \"tags\": [\n \"<string>\",\n \"<string>\"\n ],\n \"version\": \"<integer>\"\n}",
"options": {
"raw": {
"headerFamily": "json",
"language": "json"
}
}
},
"url": {
"raw": "{{baseUrl}}/api/v2/security_monitoring/rules/:rule_id",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"security_monitoring",
"rules",
":rule_id"
],
"variable": [
{
"key": "rule_id"
}
]
}
},
"status": "Not Found",
"code": 404,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"cookie": [
],
"body": "{\n \"errors\": [\n \"<string>\",\n \"<string>\"\n ]\n}"
},
{
"name": "Too many requests",
"originalRequest": {
"method": "PUT",
"header": [
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Accept",
"value": "application/json"
},
{
"description": "Added as a part of security scheme: apikey",
"key": "DD-API-KEY",
"value": "<API Key>"
}
],
"body": {
"mode": "raw",
"raw": "{\n \"cases\": [\n {\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ],\n \"status\": \"critical\"\n },\n {\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ],\n \"status\": \"critical\"\n }\n ],\n \"complianceSignalOptions\": {\n \"defaultActivationStatus\": \"<boolean>\",\n \"defaultGroupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"userActivationStatus\": \"<boolean>\",\n \"userGroupByFields\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n \"filters\": [\n {\n \"action\": \"suppress\",\n \"query\": \"<string>\"\n },\n {\n \"action\": \"suppress\",\n \"query\": \"<string>\"\n }\n ],\n \"hasExtendedTitle\": \"<boolean>\",\n \"isEnabled\": \"<boolean>\",\n \"message\": \"<string>\",\n \"name\": \"<string>\",\n \"options\": {\n \"complianceRuleOptions\": {\n \"complexRule\": \"<boolean>\",\n \"regoRule\": {\n \"policy\": \"<string>\",\n \"resourceTypes\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n \"resourceType\": \"<string>\",\n \"nisic3\": {}\n },\n \"decreaseCriticalityBasedOnEnv\": \"<boolean>\",\n \"detectionMethod\": \"third_party\",\n \"evaluationWindow\": 3600,\n \"hardcodedEvaluatorType\": \"log4shell\",\n \"impossibleTravelOptions\": {\n \"baselineUserLocations\": \"<boolean>\"\n },\n \"keepAlive\": 10800,\n \"maxSignalDuration\": 21600,\n \"newValueOptions\": {\n \"forgetAfter\": 28,\n \"learningDuration\": 0,\n \"learningMethod\": \"duration\",\n \"learningThreshold\": 0\n }\n },\n \"queries\": [\n {\n \"aggregation\": \"max\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n },\n {\n \"aggregation\": \"geo_data\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n }\n ],\n \"tags\": [\n \"<string>\",\n \"<string>\"\n ],\n \"version\": \"<integer>\"\n}",
"options": {
"raw": {
"headerFamily": "json",
"language": "json"
}
}
},
"url": {
"raw": "{{baseUrl}}/api/v2/security_monitoring/rules/:rule_id",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"security_monitoring",
"rules",
":rule_id"
],
"variable": [
{
"key": "rule_id"
}
]
}
},
"status": "Too Many Requests",
"code": 429,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"cookie": [
],
"body": "{\n \"errors\": [\n \"<string>\",\n \"<string>\"\n ]\n}"
}
]
}
