Back to Collection Items
load ./chilkat.dll
# This example assumes the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
set http [new_CkHttp]
# Use this online tool to generate code from sample JSON: Generate Code to Create JSON
# The following JSON is sent in the request body.
# {
# "cases": [
# {
# "condition": "<string>",
# "name": "<string>",
# "notifications": [
# "<string>",
# "<string>"
# ],
# "status": "critical"
# },
# {
# "condition": "<string>",
# "name": "<string>",
# "notifications": [
# "<string>",
# "<string>"
# ],
# "status": "critical"
# }
# ],
# "complianceSignalOptions": {
# "defaultActivationStatus": "<boolean>",
# "defaultGroupByFields": [
# "<string>",
# "<string>"
# ],
# "userActivationStatus": "<boolean>",
# "userGroupByFields": [
# "<string>",
# "<string>"
# ]
# },
# "filters": [
# {
# "action": "suppress",
# "query": "<string>"
# },
# {
# "action": "suppress",
# "query": "<string>"
# }
# ],
# "hasExtendedTitle": "<boolean>",
# "isEnabled": "<boolean>",
# "message": "<string>",
# "name": "<string>",
# "options": {
# "complianceRuleOptions": {
# "complexRule": "<boolean>",
# "regoRule": {
# "policy": "<string>",
# "resourceTypes": [
# "<string>",
# "<string>"
# ]
# },
# "resourceType": "<string>",
# "nisic3": {}
# },
# "decreaseCriticalityBasedOnEnv": "<boolean>",
# "detectionMethod": "third_party",
# "evaluationWindow": 3600,
# "hardcodedEvaluatorType": "log4shell",
# "impossibleTravelOptions": {
# "baselineUserLocations": "<boolean>"
# },
# "keepAlive": 10800,
# "maxSignalDuration": 21600,
# "newValueOptions": {
# "forgetAfter": 28,
# "learningDuration": 0,
# "learningMethod": "duration",
# "learningThreshold": 0
# }
# },
# "queries": [
# {
# "aggregation": "max",
# "distinctFields": [
# "<string>",
# "<string>"
# ],
# "groupByFields": [
# "<string>",
# "<string>"
# ],
# "metric": "<string>",
# "metrics": [
# "<string>",
# "<string>"
# ],
# "name": "<string>",
# "query": "<string>"
# },
# {
# "aggregation": "geo_data",
# "distinctFields": [
# "<string>",
# "<string>"
# ],
# "groupByFields": [
# "<string>",
# "<string>"
# ],
# "metric": "<string>",
# "metrics": [
# "<string>",
# "<string>"
# ],
# "name": "<string>",
# "query": "<string>"
# }
# ],
# "tags": [
# "<string>",
# "<string>"
# ],
# "version": "<integer>"
# }
set json [new_CkJsonObject]
CkJsonObject_UpdateString $json "cases[0].condition" "<string>"
CkJsonObject_UpdateString $json "cases[0].name" "<string>"
CkJsonObject_UpdateString $json "cases[0].notifications[0]" "<string>"
CkJsonObject_UpdateString $json "cases[0].notifications[1]" "<string>"
CkJsonObject_UpdateString $json "cases[0].status" "critical"
CkJsonObject_UpdateString $json "cases[1].condition" "<string>"
CkJsonObject_UpdateString $json "cases[1].name" "<string>"
CkJsonObject_UpdateString $json "cases[1].notifications[0]" "<string>"
CkJsonObject_UpdateString $json "cases[1].notifications[1]" "<string>"
CkJsonObject_UpdateString $json "cases[1].status" "critical"
CkJsonObject_UpdateString $json "complianceSignalOptions.defaultActivationStatus" "<boolean>"
CkJsonObject_UpdateString $json "complianceSignalOptions.defaultGroupByFields[0]" "<string>"
CkJsonObject_UpdateString $json "complianceSignalOptions.defaultGroupByFields[1]" "<string>"
CkJsonObject_UpdateString $json "complianceSignalOptions.userActivationStatus" "<boolean>"
CkJsonObject_UpdateString $json "complianceSignalOptions.userGroupByFields[0]" "<string>"
CkJsonObject_UpdateString $json "complianceSignalOptions.userGroupByFields[1]" "<string>"
CkJsonObject_UpdateString $json "filters[0].action" "suppress"
CkJsonObject_UpdateString $json "filters[0].query" "<string>"
CkJsonObject_UpdateString $json "filters[1].action" "suppress"
CkJsonObject_UpdateString $json "filters[1].query" "<string>"
CkJsonObject_UpdateString $json "hasExtendedTitle" "<boolean>"
CkJsonObject_UpdateString $json "isEnabled" "<boolean>"
CkJsonObject_UpdateString $json "message" "<string>"
CkJsonObject_UpdateString $json "name" "<string>"
CkJsonObject_UpdateString $json "options.complianceRuleOptions.complexRule" "<boolean>"
CkJsonObject_UpdateString $json "options.complianceRuleOptions.regoRule.policy" "<string>"
CkJsonObject_UpdateString $json "options.complianceRuleOptions.regoRule.resourceTypes[0]" "<string>"
CkJsonObject_UpdateString $json "options.complianceRuleOptions.regoRule.resourceTypes[1]" "<string>"
CkJsonObject_UpdateString $json "options.complianceRuleOptions.resourceType" "<string>"
CkJsonObject_UpdateNewObject $json "options.complianceRuleOptions.nisic3"
CkJsonObject_UpdateString $json "options.decreaseCriticalityBasedOnEnv" "<boolean>"
CkJsonObject_UpdateString $json "options.detectionMethod" "third_party"
CkJsonObject_UpdateInt $json "options.evaluationWindow" 3600
CkJsonObject_UpdateString $json "options.hardcodedEvaluatorType" "log4shell"
CkJsonObject_UpdateString $json "options.impossibleTravelOptions.baselineUserLocations" "<boolean>"
CkJsonObject_UpdateInt $json "options.keepAlive" 10800
CkJsonObject_UpdateInt $json "options.maxSignalDuration" 21600
CkJsonObject_UpdateInt $json "options.newValueOptions.forgetAfter" 28
CkJsonObject_UpdateInt $json "options.newValueOptions.learningDuration" 0
CkJsonObject_UpdateString $json "options.newValueOptions.learningMethod" "duration"
CkJsonObject_UpdateInt $json "options.newValueOptions.learningThreshold" 0
CkJsonObject_UpdateString $json "queries[0].aggregation" "max"
CkJsonObject_UpdateString $json "queries[0].distinctFields[0]" "<string>"
CkJsonObject_UpdateString $json "queries[0].distinctFields[1]" "<string>"
CkJsonObject_UpdateString $json "queries[0].groupByFields[0]" "<string>"
CkJsonObject_UpdateString $json "queries[0].groupByFields[1]" "<string>"
CkJsonObject_UpdateString $json "queries[0].metric" "<string>"
CkJsonObject_UpdateString $json "queries[0].metrics[0]" "<string>"
CkJsonObject_UpdateString $json "queries[0].metrics[1]" "<string>"
CkJsonObject_UpdateString $json "queries[0].name" "<string>"
CkJsonObject_UpdateString $json "queries[0].query" "<string>"
CkJsonObject_UpdateString $json "queries[1].aggregation" "geo_data"
CkJsonObject_UpdateString $json "queries[1].distinctFields[0]" "<string>"
CkJsonObject_UpdateString $json "queries[1].distinctFields[1]" "<string>"
CkJsonObject_UpdateString $json "queries[1].groupByFields[0]" "<string>"
CkJsonObject_UpdateString $json "queries[1].groupByFields[1]" "<string>"
CkJsonObject_UpdateString $json "queries[1].metric" "<string>"
CkJsonObject_UpdateString $json "queries[1].metrics[0]" "<string>"
CkJsonObject_UpdateString $json "queries[1].metrics[1]" "<string>"
CkJsonObject_UpdateString $json "queries[1].name" "<string>"
CkJsonObject_UpdateString $json "queries[1].query" "<string>"
CkJsonObject_UpdateString $json "tags[0]" "<string>"
CkJsonObject_UpdateString $json "tags[1]" "<string>"
CkJsonObject_UpdateString $json "version" "<integer>"
CkHttp_SetRequestHeader $http "Content-Type" "application/json"
CkHttp_SetRequestHeader $http "Accept" "application/json"
set sbRequestBody [new_CkStringBuilder]
CkJsonObject_EmitSb $json $sbRequestBody
# resp is a CkHttpResponse
set resp [CkHttp_PTextSb $http "PUT" "https://api.app.ddog-gov.com/api/v2/security_monitoring/rules/:rule_id" $sbRequestBody "utf-8" "application/json" 0 0]
if {[CkHttp_get_LastMethodSuccess $http] == 0} then {
puts [CkHttp_lastErrorText $http]
delete_CkHttp $http
delete_CkJsonObject $json
delete_CkStringBuilder $sbRequestBody
exit
}
set sbResponseBody [new_CkStringBuilder]
CkHttpResponse_GetBodySb $resp $sbResponseBody
set jResp [new_CkJsonObject]
CkJsonObject_LoadSb $jResp $sbResponseBody
CkJsonObject_put_EmitCompact $jResp 0
puts "Response Body:"
puts [CkJsonObject_emit $jResp]
set respStatusCode [CkHttpResponse_get_StatusCode $resp]
puts "Response Status Code = $respStatusCode"
if {$respStatusCode >= 400} then {
puts "Response Header:"
puts [CkHttpResponse_header $resp]
puts "Failed."
delete_CkHttpResponse $resp
delete_CkHttp $http
delete_CkJsonObject $json
delete_CkStringBuilder $sbRequestBody
delete_CkStringBuilder $sbResponseBody
delete_CkJsonObject $jResp
exit
}
delete_CkHttpResponse $resp
# Sample JSON response:
# (Sample code for parsing the JSON response is shown below)
# {
# "cases": [
# {
# "condition": "<string>",
# "name": "<string>",
# "notifications": [
# "<string>",
# "<string>"
# ],
# "status": "medium"
# },
# {
# "condition": "<string>",
# "name": "<string>",
# "notifications": [
# "<string>",
# "<string>"
# ],
# "status": "critical"
# }
# ],
# "complianceSignalOptions": {
# "defaultActivationStatus": "<boolean>",
# "defaultGroupByFields": [
# "<string>",
# "<string>"
# ],
# "userActivationStatus": "<boolean>",
# "userGroupByFields": [
# "<string>",
# "<string>"
# ]
# },
# "createdAt": "<long>",
# "creationAuthorId": "<long>",
# "deprecationDate": "<long>",
# "filters": [
# {
# "action": "suppress",
# "query": "<string>"
# },
# {
# "action": "require",
# "query": "<string>"
# }
# ],
# "hasExtendedTitle": "<boolean>",
# "id": "<string>",
# "isDefault": "<boolean>",
# "isDeleted": "<boolean>",
# "isEnabled": "<boolean>",
# "message": "<string>",
# "name": "<string>",
# "options": {
# "complianceRuleOptions": {
# "complexRule": "<boolean>",
# "regoRule": {
# "policy": "<string>",
# "resourceTypes": [
# "<string>",
# "<string>"
# ]
# },
# "resourceType": "<string>"
# },
# "decreaseCriticalityBasedOnEnv": "<boolean>",
# "detectionMethod": "third_party",
# "evaluationWindow": 300,
# "hardcodedEvaluatorType": "log4shell",
# "impossibleTravelOptions": {
# "baselineUserLocations": "<boolean>"
# },
# "keepAlive": 300,
# "maxSignalDuration": 900,
# "newValueOptions": {
# "forgetAfter": 28,
# "learningDuration": 0,
# "learningMethod": "duration",
# "learningThreshold": 0
# }
# },
# "queries": [
# {
# "aggregation": "max",
# "distinctFields": [
# "<string>",
# "<string>"
# ],
# "groupByFields": [
# "<string>",
# "<string>"
# ],
# "metric": "<string>",
# "metrics": [
# "<string>",
# "<string>"
# ],
# "name": "<string>",
# "query": "<string>"
# },
# {
# "aggregation": "max",
# "distinctFields": [
# "<string>",
# "<string>"
# ],
# "groupByFields": [
# "<string>",
# "<string>"
# ],
# "metric": "<string>",
# "metrics": [
# "<string>",
# "<string>"
# ],
# "name": "<string>",
# "query": "<string>"
# }
# ],
# "tags": [
# "<string>",
# "<string>"
# ],
# "type": "application_security",
# "updateAuthorId": "<long>",
# "version": "<long>"
# }
# Sample code for parsing the JSON response...
# Use this online tool to generate parsing code from sample JSON: Generate JSON Parsing Code
set DefaultActivationStatus [CkJsonObject_stringOf $jResp "complianceSignalOptions.defaultActivationStatus"]
set UserActivationStatus [CkJsonObject_stringOf $jResp "complianceSignalOptions.userActivationStatus"]
set createdAt [CkJsonObject_stringOf $jResp "createdAt"]
set creationAuthorId [CkJsonObject_stringOf $jResp "creationAuthorId"]
set deprecationDate [CkJsonObject_stringOf $jResp "deprecationDate"]
set hasExtendedTitle [CkJsonObject_stringOf $jResp "hasExtendedTitle"]
set id [CkJsonObject_stringOf $jResp "id"]
set isDefault [CkJsonObject_stringOf $jResp "isDefault"]
set isDeleted [CkJsonObject_stringOf $jResp "isDeleted"]
set isEnabled [CkJsonObject_stringOf $jResp "isEnabled"]
set message [CkJsonObject_stringOf $jResp "message"]
set name [CkJsonObject_stringOf $jResp "name"]
set ComplexRule [CkJsonObject_stringOf $jResp "options.complianceRuleOptions.complexRule"]
set Policy [CkJsonObject_stringOf $jResp "options.complianceRuleOptions.regoRule.policy"]
set ResourceType [CkJsonObject_stringOf $jResp "options.complianceRuleOptions.resourceType"]
set DecreaseCriticalityBasedOnEnv [CkJsonObject_stringOf $jResp "options.decreaseCriticalityBasedOnEnv"]
set DetectionMethod [CkJsonObject_stringOf $jResp "options.detectionMethod"]
set EvaluationWindow [CkJsonObject_IntOf $jResp "options.evaluationWindow"]
set HardcodedEvaluatorType [CkJsonObject_stringOf $jResp "options.hardcodedEvaluatorType"]
set BaselineUserLocations [CkJsonObject_stringOf $jResp "options.impossibleTravelOptions.baselineUserLocations"]
set KeepAlive [CkJsonObject_IntOf $jResp "options.keepAlive"]
set MaxSignalDuration [CkJsonObject_IntOf $jResp "options.maxSignalDuration"]
set ForgetAfter [CkJsonObject_IntOf $jResp "options.newValueOptions.forgetAfter"]
set LearningDuration [CkJsonObject_IntOf $jResp "options.newValueOptions.learningDuration"]
set LearningMethod [CkJsonObject_stringOf $jResp "options.newValueOptions.learningMethod"]
set LearningThreshold [CkJsonObject_IntOf $jResp "options.newValueOptions.learningThreshold"]
set v_type [CkJsonObject_stringOf $jResp "type"]
set updateAuthorId [CkJsonObject_stringOf $jResp "updateAuthorId"]
set version [CkJsonObject_stringOf $jResp "version"]
set i 0
set count_i [CkJsonObject_SizeOfArray $jResp "cases"]
while {$i < $count_i} {
CkJsonObject_put_I $jResp $i
set condition [CkJsonObject_stringOf $jResp "cases[i].condition"]
set name [CkJsonObject_stringOf $jResp "cases[i].name"]
set status [CkJsonObject_stringOf $jResp "cases[i].status"]
set j 0
set count_j [CkJsonObject_SizeOfArray $jResp "cases[i].notifications"]
while {$j < $count_j} {
CkJsonObject_put_J $jResp $j
set strVal [CkJsonObject_stringOf $jResp "cases[i].notifications[j]"]
set j [expr $j + 1]
}
set i [expr $i + 1]
}
set i 0
set count_i [CkJsonObject_SizeOfArray $jResp "complianceSignalOptions.defaultGroupByFields"]
while {$i < $count_i} {
CkJsonObject_put_I $jResp $i
set strVal [CkJsonObject_stringOf $jResp "complianceSignalOptions.defaultGroupByFields[i]"]
set i [expr $i + 1]
}
set i 0
set count_i [CkJsonObject_SizeOfArray $jResp "complianceSignalOptions.userGroupByFields"]
while {$i < $count_i} {
CkJsonObject_put_I $jResp $i
set strVal [CkJsonObject_stringOf $jResp "complianceSignalOptions.userGroupByFields[i]"]
set i [expr $i + 1]
}
set i 0
set count_i [CkJsonObject_SizeOfArray $jResp "filters"]
while {$i < $count_i} {
CkJsonObject_put_I $jResp $i
set action [CkJsonObject_stringOf $jResp "filters[i].action"]
set query [CkJsonObject_stringOf $jResp "filters[i].query"]
set i [expr $i + 1]
}
set i 0
set count_i [CkJsonObject_SizeOfArray $jResp "options.complianceRuleOptions.regoRule.resourceTypes"]
while {$i < $count_i} {
CkJsonObject_put_I $jResp $i
set strVal [CkJsonObject_stringOf $jResp "options.complianceRuleOptions.regoRule.resourceTypes[i]"]
set i [expr $i + 1]
}
set i 0
set count_i [CkJsonObject_SizeOfArray $jResp "queries"]
while {$i < $count_i} {
CkJsonObject_put_I $jResp $i
set aggregation [CkJsonObject_stringOf $jResp "queries[i].aggregation"]
set metric [CkJsonObject_stringOf $jResp "queries[i].metric"]
set name [CkJsonObject_stringOf $jResp "queries[i].name"]
set query [CkJsonObject_stringOf $jResp "queries[i].query"]
set j 0
set count_j [CkJsonObject_SizeOfArray $jResp "queries[i].distinctFields"]
while {$j < $count_j} {
CkJsonObject_put_J $jResp $j
set strVal [CkJsonObject_stringOf $jResp "queries[i].distinctFields[j]"]
set j [expr $j + 1]
}
set j 0
set count_j [CkJsonObject_SizeOfArray $jResp "queries[i].groupByFields"]
while {$j < $count_j} {
CkJsonObject_put_J $jResp $j
set strVal [CkJsonObject_stringOf $jResp "queries[i].groupByFields[j]"]
set j [expr $j + 1]
}
set j 0
set count_j [CkJsonObject_SizeOfArray $jResp "queries[i].metrics"]
while {$j < $count_j} {
CkJsonObject_put_J $jResp $j
set strVal [CkJsonObject_stringOf $jResp "queries[i].metrics[j]"]
set j [expr $j + 1]
}
set i [expr $i + 1]
}
set i 0
set count_i [CkJsonObject_SizeOfArray $jResp "tags"]
while {$i < $count_i} {
CkJsonObject_put_I $jResp $i
set strVal [CkJsonObject_stringOf $jResp "tags[i]"]
set i [expr $i + 1]
}
delete_CkHttp $http
delete_CkJsonObject $json
delete_CkStringBuilder $sbRequestBody
delete_CkStringBuilder $sbResponseBody
delete_CkJsonObject $jResp
Curl Command
curl -X PUT
-H "Content-Type: application/json"
-H "Accept: application/json"
-d '{
"cases": [
{
"condition": "<string>",
"name": "<string>",
"notifications": [
"<string>",
"<string>"
],
"status": "critical"
},
{
"condition": "<string>",
"name": "<string>",
"notifications": [
"<string>",
"<string>"
],
"status": "critical"
}
],
"complianceSignalOptions": {
"defaultActivationStatus": "<boolean>",
"defaultGroupByFields": [
"<string>",
"<string>"
],
"userActivationStatus": "<boolean>",
"userGroupByFields": [
"<string>",
"<string>"
]
},
"filters": [
{
"action": "suppress",
"query": "<string>"
},
{
"action": "suppress",
"query": "<string>"
}
],
"hasExtendedTitle": "<boolean>",
"isEnabled": "<boolean>",
"message": "<string>",
"name": "<string>",
"options": {
"complianceRuleOptions": {
"complexRule": "<boolean>",
"regoRule": {
"policy": "<string>",
"resourceTypes": [
"<string>",
"<string>"
]
},
"resourceType": "<string>",
"nisic3": {}
},
"decreaseCriticalityBasedOnEnv": "<boolean>",
"detectionMethod": "third_party",
"evaluationWindow": 3600,
"hardcodedEvaluatorType": "log4shell",
"impossibleTravelOptions": {
"baselineUserLocations": "<boolean>"
},
"keepAlive": 10800,
"maxSignalDuration": 21600,
"newValueOptions": {
"forgetAfter": 28,
"learningDuration": 0,
"learningMethod": "duration",
"learningThreshold": 0
}
},
"queries": [
{
"aggregation": "max",
"distinctFields": [
"<string>",
"<string>"
],
"groupByFields": [
"<string>",
"<string>"
],
"metric": "<string>",
"metrics": [
"<string>",
"<string>"
],
"name": "<string>",
"query": "<string>"
},
{
"aggregation": "geo_data",
"distinctFields": [
"<string>",
"<string>"
],
"groupByFields": [
"<string>",
"<string>"
],
"metric": "<string>",
"metrics": [
"<string>",
"<string>"
],
"name": "<string>",
"query": "<string>"
}
],
"tags": [
"<string>",
"<string>"
],
"version": "<integer>"
}'
https://api.app.ddog-gov.com/api/v2/security_monitoring/rules/:rule_id
Postman Collection Item JSON
{
"name": "Update an existing rule",
"request": {
"method": "PUT",
"header": [
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Accept",
"value": "application/json"
}
],
"body": {
"mode": "raw",
"raw": "{\n \"cases\": [\n {\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ],\n \"status\": \"critical\"\n },\n {\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ],\n \"status\": \"critical\"\n }\n ],\n \"complianceSignalOptions\": {\n \"defaultActivationStatus\": \"<boolean>\",\n \"defaultGroupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"userActivationStatus\": \"<boolean>\",\n \"userGroupByFields\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n \"filters\": [\n {\n \"action\": \"suppress\",\n \"query\": \"<string>\"\n },\n {\n \"action\": \"suppress\",\n \"query\": \"<string>\"\n }\n ],\n \"hasExtendedTitle\": \"<boolean>\",\n \"isEnabled\": \"<boolean>\",\n \"message\": \"<string>\",\n \"name\": \"<string>\",\n \"options\": {\n \"complianceRuleOptions\": {\n \"complexRule\": \"<boolean>\",\n \"regoRule\": {\n \"policy\": \"<string>\",\n \"resourceTypes\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n \"resourceType\": \"<string>\",\n \"nisic3\": {}\n },\n \"decreaseCriticalityBasedOnEnv\": \"<boolean>\",\n \"detectionMethod\": \"third_party\",\n \"evaluationWindow\": 3600,\n \"hardcodedEvaluatorType\": \"log4shell\",\n \"impossibleTravelOptions\": {\n \"baselineUserLocations\": \"<boolean>\"\n },\n \"keepAlive\": 10800,\n \"maxSignalDuration\": 21600,\n \"newValueOptions\": {\n \"forgetAfter\": 28,\n \"learningDuration\": 0,\n \"learningMethod\": \"duration\",\n \"learningThreshold\": 0\n }\n },\n \"queries\": [\n {\n \"aggregation\": \"max\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n },\n {\n \"aggregation\": \"geo_data\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n }\n ],\n \"tags\": [\n \"<string>\",\n \"<string>\"\n ],\n \"version\": \"<integer>\"\n}",
"options": {
"raw": {
"headerFamily": "json",
"language": "json"
}
}
},
"url": {
"raw": "{{baseUrl}}/api/v2/security_monitoring/rules/:rule_id",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"security_monitoring",
"rules",
":rule_id"
],
"variable": [
{
"key": "rule_id",
"value": "<string>"
}
]
},
"description": "Update an existing rule. When updating `cases`, `queries` or `options`, the whole field\nmust be included. For example, when modifying a query all queries must be included.\nDefault rules can only be updated to be enabled and to change notifications."
},
"response": [
{
"name": "OK",
"originalRequest": {
"method": "PUT",
"header": [
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Accept",
"value": "application/json"
},
{
"description": "Added as a part of security scheme: apikey",
"key": "DD-API-KEY",
"value": "<API Key>"
}
],
"body": {
"mode": "raw",
"raw": "{\n \"cases\": [\n {\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ],\n \"status\": \"critical\"\n },\n {\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ],\n \"status\": \"critical\"\n }\n ],\n \"complianceSignalOptions\": {\n \"defaultActivationStatus\": \"<boolean>\",\n \"defaultGroupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"userActivationStatus\": \"<boolean>\",\n \"userGroupByFields\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n \"filters\": [\n {\n \"action\": \"suppress\",\n \"query\": \"<string>\"\n },\n {\n \"action\": \"suppress\",\n \"query\": \"<string>\"\n }\n ],\n \"hasExtendedTitle\": \"<boolean>\",\n \"isEnabled\": \"<boolean>\",\n \"message\": \"<string>\",\n \"name\": \"<string>\",\n \"options\": {\n \"complianceRuleOptions\": {\n \"complexRule\": \"<boolean>\",\n \"regoRule\": {\n \"policy\": \"<string>\",\n \"resourceTypes\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n \"resourceType\": \"<string>\",\n \"nisic3\": {}\n },\n \"decreaseCriticalityBasedOnEnv\": \"<boolean>\",\n \"detectionMethod\": \"third_party\",\n \"evaluationWindow\": 3600,\n \"hardcodedEvaluatorType\": \"log4shell\",\n \"impossibleTravelOptions\": {\n \"baselineUserLocations\": \"<boolean>\"\n },\n \"keepAlive\": 10800,\n \"maxSignalDuration\": 21600,\n \"newValueOptions\": {\n \"forgetAfter\": 28,\n \"learningDuration\": 0,\n \"learningMethod\": \"duration\",\n \"learningThreshold\": 0\n }\n },\n \"queries\": [\n {\n \"aggregation\": \"max\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n },\n {\n \"aggregation\": \"geo_data\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n }\n ],\n \"tags\": [\n \"<string>\",\n \"<string>\"\n ],\n \"version\": \"<integer>\"\n}",
"options": {
"raw": {
"headerFamily": "json",
"language": "json"
}
}
},
"url": {
"raw": "{{baseUrl}}/api/v2/security_monitoring/rules/:rule_id",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"security_monitoring",
"rules",
":rule_id"
],
"variable": [
{
"key": "rule_id"
}
]
}
},
"status": "OK",
"code": 200,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"cookie": [
],
"body": "{\n \"cases\": [\n {\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ],\n \"status\": \"medium\"\n },\n {\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ],\n \"status\": \"critical\"\n }\n ],\n \"complianceSignalOptions\": {\n \"defaultActivationStatus\": \"<boolean>\",\n \"defaultGroupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"userActivationStatus\": \"<boolean>\",\n \"userGroupByFields\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n \"createdAt\": \"<long>\",\n \"creationAuthorId\": \"<long>\",\n \"deprecationDate\": \"<long>\",\n \"filters\": [\n {\n \"action\": \"suppress\",\n \"query\": \"<string>\"\n },\n {\n \"action\": \"require\",\n \"query\": \"<string>\"\n }\n ],\n \"hasExtendedTitle\": \"<boolean>\",\n \"id\": \"<string>\",\n \"isDefault\": \"<boolean>\",\n \"isDeleted\": \"<boolean>\",\n \"isEnabled\": \"<boolean>\",\n \"message\": \"<string>\",\n \"name\": \"<string>\",\n \"options\": {\n \"complianceRuleOptions\": {\n \"complexRule\": \"<boolean>\",\n \"regoRule\": {\n \"policy\": \"<string>\",\n \"resourceTypes\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n \"resourceType\": \"<string>\"\n },\n \"decreaseCriticalityBasedOnEnv\": \"<boolean>\",\n \"detectionMethod\": \"third_party\",\n \"evaluationWindow\": 300,\n \"hardcodedEvaluatorType\": \"log4shell\",\n \"impossibleTravelOptions\": {\n \"baselineUserLocations\": \"<boolean>\"\n },\n \"keepAlive\": 300,\n \"maxSignalDuration\": 900,\n \"newValueOptions\": {\n \"forgetAfter\": 28,\n \"learningDuration\": 0,\n \"learningMethod\": \"duration\",\n \"learningThreshold\": 0\n }\n },\n \"queries\": [\n {\n \"aggregation\": \"max\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n },\n {\n \"aggregation\": \"max\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n }\n ],\n \"tags\": [\n \"<string>\",\n \"<string>\"\n ],\n \"type\": \"application_security\",\n \"updateAuthorId\": \"<long>\",\n \"version\": \"<long>\"\n}"
},
{
"name": "Bad Request",
"originalRequest": {
"method": "PUT",
"header": [
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Accept",
"value": "application/json"
},
{
"description": "Added as a part of security scheme: apikey",
"key": "DD-API-KEY",
"value": "<API Key>"
}
],
"body": {
"mode": "raw",
"raw": "{\n \"cases\": [\n {\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ],\n \"status\": \"critical\"\n },\n {\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ],\n \"status\": \"critical\"\n }\n ],\n \"complianceSignalOptions\": {\n \"defaultActivationStatus\": \"<boolean>\",\n \"defaultGroupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"userActivationStatus\": \"<boolean>\",\n \"userGroupByFields\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n \"filters\": [\n {\n \"action\": \"suppress\",\n \"query\": \"<string>\"\n },\n {\n \"action\": \"suppress\",\n \"query\": \"<string>\"\n }\n ],\n \"hasExtendedTitle\": \"<boolean>\",\n \"isEnabled\": \"<boolean>\",\n \"message\": \"<string>\",\n \"name\": \"<string>\",\n \"options\": {\n \"complianceRuleOptions\": {\n \"complexRule\": \"<boolean>\",\n \"regoRule\": {\n \"policy\": \"<string>\",\n \"resourceTypes\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n \"resourceType\": \"<string>\",\n \"nisic3\": {}\n },\n \"decreaseCriticalityBasedOnEnv\": \"<boolean>\",\n \"detectionMethod\": \"third_party\",\n \"evaluationWindow\": 3600,\n \"hardcodedEvaluatorType\": \"log4shell\",\n \"impossibleTravelOptions\": {\n \"baselineUserLocations\": \"<boolean>\"\n },\n \"keepAlive\": 10800,\n \"maxSignalDuration\": 21600,\n \"newValueOptions\": {\n \"forgetAfter\": 28,\n \"learningDuration\": 0,\n \"learningMethod\": \"duration\",\n \"learningThreshold\": 0\n }\n },\n \"queries\": [\n {\n \"aggregation\": \"max\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n },\n {\n \"aggregation\": \"geo_data\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n }\n ],\n \"tags\": [\n \"<string>\",\n \"<string>\"\n ],\n \"version\": \"<integer>\"\n}",
"options": {
"raw": {
"headerFamily": "json",
"language": "json"
}
}
},
"url": {
"raw": "{{baseUrl}}/api/v2/security_monitoring/rules/:rule_id",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"security_monitoring",
"rules",
":rule_id"
],
"variable": [
{
"key": "rule_id"
}
]
}
},
"status": "Bad Request",
"code": 400,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"cookie": [
],
"body": "{\n \"errors\": [\n \"<string>\",\n \"<string>\"\n ]\n}"
},
{
"name": "Concurrent Modification",
"originalRequest": {
"method": "PUT",
"header": [
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Accept",
"value": "application/json"
},
{
"description": "Added as a part of security scheme: apikey",
"key": "DD-API-KEY",
"value": "<API Key>"
}
],
"body": {
"mode": "raw",
"raw": "{\n \"cases\": [\n {\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ],\n \"status\": \"critical\"\n },\n {\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ],\n \"status\": \"critical\"\n }\n ],\n \"complianceSignalOptions\": {\n \"defaultActivationStatus\": \"<boolean>\",\n \"defaultGroupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"userActivationStatus\": \"<boolean>\",\n \"userGroupByFields\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n \"filters\": [\n {\n \"action\": \"suppress\",\n \"query\": \"<string>\"\n },\n {\n \"action\": \"suppress\",\n \"query\": \"<string>\"\n }\n ],\n \"hasExtendedTitle\": \"<boolean>\",\n \"isEnabled\": \"<boolean>\",\n \"message\": \"<string>\",\n \"name\": \"<string>\",\n \"options\": {\n \"complianceRuleOptions\": {\n \"complexRule\": \"<boolean>\",\n \"regoRule\": {\n \"policy\": \"<string>\",\n \"resourceTypes\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n \"resourceType\": \"<string>\",\n \"nisic3\": {}\n },\n \"decreaseCriticalityBasedOnEnv\": \"<boolean>\",\n \"detectionMethod\": \"third_party\",\n \"evaluationWindow\": 3600,\n \"hardcodedEvaluatorType\": \"log4shell\",\n \"impossibleTravelOptions\": {\n \"baselineUserLocations\": \"<boolean>\"\n },\n \"keepAlive\": 10800,\n \"maxSignalDuration\": 21600,\n \"newValueOptions\": {\n \"forgetAfter\": 28,\n \"learningDuration\": 0,\n \"learningMethod\": \"duration\",\n \"learningThreshold\": 0\n }\n },\n \"queries\": [\n {\n \"aggregation\": \"max\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n },\n {\n \"aggregation\": \"geo_data\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n }\n ],\n \"tags\": [\n \"<string>\",\n \"<string>\"\n ],\n \"version\": \"<integer>\"\n}",
"options": {
"raw": {
"headerFamily": "json",
"language": "json"
}
}
},
"url": {
"raw": "{{baseUrl}}/api/v2/security_monitoring/rules/:rule_id",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"security_monitoring",
"rules",
":rule_id"
],
"variable": [
{
"key": "rule_id"
}
]
}
},
"status": "Unauthorized",
"code": 401,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"cookie": [
],
"body": "{\n \"errors\": [\n \"<string>\",\n \"<string>\"\n ]\n}"
},
{
"name": "Not Authorized",
"originalRequest": {
"method": "PUT",
"header": [
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Accept",
"value": "application/json"
},
{
"description": "Added as a part of security scheme: apikey",
"key": "DD-API-KEY",
"value": "<API Key>"
}
],
"body": {
"mode": "raw",
"raw": "{\n \"cases\": [\n {\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ],\n \"status\": \"critical\"\n },\n {\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ],\n \"status\": \"critical\"\n }\n ],\n \"complianceSignalOptions\": {\n \"defaultActivationStatus\": \"<boolean>\",\n \"defaultGroupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"userActivationStatus\": \"<boolean>\",\n \"userGroupByFields\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n \"filters\": [\n {\n \"action\": \"suppress\",\n \"query\": \"<string>\"\n },\n {\n \"action\": \"suppress\",\n \"query\": \"<string>\"\n }\n ],\n \"hasExtendedTitle\": \"<boolean>\",\n \"isEnabled\": \"<boolean>\",\n \"message\": \"<string>\",\n \"name\": \"<string>\",\n \"options\": {\n \"complianceRuleOptions\": {\n \"complexRule\": \"<boolean>\",\n \"regoRule\": {\n \"policy\": \"<string>\",\n \"resourceTypes\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n \"resourceType\": \"<string>\",\n \"nisic3\": {}\n },\n \"decreaseCriticalityBasedOnEnv\": \"<boolean>\",\n \"detectionMethod\": \"third_party\",\n \"evaluationWindow\": 3600,\n \"hardcodedEvaluatorType\": \"log4shell\",\n \"impossibleTravelOptions\": {\n \"baselineUserLocations\": \"<boolean>\"\n },\n \"keepAlive\": 10800,\n \"maxSignalDuration\": 21600,\n \"newValueOptions\": {\n \"forgetAfter\": 28,\n \"learningDuration\": 0,\n \"learningMethod\": \"duration\",\n \"learningThreshold\": 0\n }\n },\n \"queries\": [\n {\n \"aggregation\": \"max\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n },\n {\n \"aggregation\": \"geo_data\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n }\n ],\n \"tags\": [\n \"<string>\",\n \"<string>\"\n ],\n \"version\": \"<integer>\"\n}",
"options": {
"raw": {
"headerFamily": "json",
"language": "json"
}
}
},
"url": {
"raw": "{{baseUrl}}/api/v2/security_monitoring/rules/:rule_id",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"security_monitoring",
"rules",
":rule_id"
],
"variable": [
{
"key": "rule_id"
}
]
}
},
"status": "Forbidden",
"code": 403,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"cookie": [
],
"body": "{\n \"errors\": [\n \"<string>\",\n \"<string>\"\n ]\n}"
},
{
"name": "Not Found",
"originalRequest": {
"method": "PUT",
"header": [
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Accept",
"value": "application/json"
},
{
"description": "Added as a part of security scheme: apikey",
"key": "DD-API-KEY",
"value": "<API Key>"
}
],
"body": {
"mode": "raw",
"raw": "{\n \"cases\": [\n {\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ],\n \"status\": \"critical\"\n },\n {\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ],\n \"status\": \"critical\"\n }\n ],\n \"complianceSignalOptions\": {\n \"defaultActivationStatus\": \"<boolean>\",\n \"defaultGroupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"userActivationStatus\": \"<boolean>\",\n \"userGroupByFields\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n \"filters\": [\n {\n \"action\": \"suppress\",\n \"query\": \"<string>\"\n },\n {\n \"action\": \"suppress\",\n \"query\": \"<string>\"\n }\n ],\n \"hasExtendedTitle\": \"<boolean>\",\n \"isEnabled\": \"<boolean>\",\n \"message\": \"<string>\",\n \"name\": \"<string>\",\n \"options\": {\n \"complianceRuleOptions\": {\n \"complexRule\": \"<boolean>\",\n \"regoRule\": {\n \"policy\": \"<string>\",\n \"resourceTypes\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n \"resourceType\": \"<string>\",\n \"nisic3\": {}\n },\n \"decreaseCriticalityBasedOnEnv\": \"<boolean>\",\n \"detectionMethod\": \"third_party\",\n \"evaluationWindow\": 3600,\n \"hardcodedEvaluatorType\": \"log4shell\",\n \"impossibleTravelOptions\": {\n \"baselineUserLocations\": \"<boolean>\"\n },\n \"keepAlive\": 10800,\n \"maxSignalDuration\": 21600,\n \"newValueOptions\": {\n \"forgetAfter\": 28,\n \"learningDuration\": 0,\n \"learningMethod\": \"duration\",\n \"learningThreshold\": 0\n }\n },\n \"queries\": [\n {\n \"aggregation\": \"max\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n },\n {\n \"aggregation\": \"geo_data\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n }\n ],\n \"tags\": [\n \"<string>\",\n \"<string>\"\n ],\n \"version\": \"<integer>\"\n}",
"options": {
"raw": {
"headerFamily": "json",
"language": "json"
}
}
},
"url": {
"raw": "{{baseUrl}}/api/v2/security_monitoring/rules/:rule_id",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"security_monitoring",
"rules",
":rule_id"
],
"variable": [
{
"key": "rule_id"
}
]
}
},
"status": "Not Found",
"code": 404,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"cookie": [
],
"body": "{\n \"errors\": [\n \"<string>\",\n \"<string>\"\n ]\n}"
},
{
"name": "Too many requests",
"originalRequest": {
"method": "PUT",
"header": [
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Accept",
"value": "application/json"
},
{
"description": "Added as a part of security scheme: apikey",
"key": "DD-API-KEY",
"value": "<API Key>"
}
],
"body": {
"mode": "raw",
"raw": "{\n \"cases\": [\n {\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ],\n \"status\": \"critical\"\n },\n {\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ],\n \"status\": \"critical\"\n }\n ],\n \"complianceSignalOptions\": {\n \"defaultActivationStatus\": \"<boolean>\",\n \"defaultGroupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"userActivationStatus\": \"<boolean>\",\n \"userGroupByFields\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n \"filters\": [\n {\n \"action\": \"suppress\",\n \"query\": \"<string>\"\n },\n {\n \"action\": \"suppress\",\n \"query\": \"<string>\"\n }\n ],\n \"hasExtendedTitle\": \"<boolean>\",\n \"isEnabled\": \"<boolean>\",\n \"message\": \"<string>\",\n \"name\": \"<string>\",\n \"options\": {\n \"complianceRuleOptions\": {\n \"complexRule\": \"<boolean>\",\n \"regoRule\": {\n \"policy\": \"<string>\",\n \"resourceTypes\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n \"resourceType\": \"<string>\",\n \"nisic3\": {}\n },\n \"decreaseCriticalityBasedOnEnv\": \"<boolean>\",\n \"detectionMethod\": \"third_party\",\n \"evaluationWindow\": 3600,\n \"hardcodedEvaluatorType\": \"log4shell\",\n \"impossibleTravelOptions\": {\n \"baselineUserLocations\": \"<boolean>\"\n },\n \"keepAlive\": 10800,\n \"maxSignalDuration\": 21600,\n \"newValueOptions\": {\n \"forgetAfter\": 28,\n \"learningDuration\": 0,\n \"learningMethod\": \"duration\",\n \"learningThreshold\": 0\n }\n },\n \"queries\": [\n {\n \"aggregation\": \"max\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n },\n {\n \"aggregation\": \"geo_data\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n }\n ],\n \"tags\": [\n \"<string>\",\n \"<string>\"\n ],\n \"version\": \"<integer>\"\n}",
"options": {
"raw": {
"headerFamily": "json",
"language": "json"
}
}
},
"url": {
"raw": "{{baseUrl}}/api/v2/security_monitoring/rules/:rule_id",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"security_monitoring",
"rules",
":rule_id"
],
"variable": [
{
"key": "rule_id"
}
]
}
},
"status": "Too Many Requests",
"code": 429,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"cookie": [
],
"body": "{\n \"errors\": [\n \"<string>\",\n \"<string>\"\n ]\n}"
}
]
}
