update_rule

This command updates a policy rule.

This command updates the parameters that you specify for an existing rule in a specified policy. Only the rule name (ruleDesc) and policy name (fromPolicy) are required. If you do not specify a rule field, the field is ignored and not changed.

For more information about rule fields, see Rule definition fields.

This API is available in Guardium V9.5 and later.

REST API syntax

This API is available as a REST service with the PUT method. Call this API as follows:
PUT https://[Guardium hostname or IP address]:8443/restAPI/update_rule

GuardAPI syntax

update_rule parameter=value

Parameters

Parameter Value type Description
analyzedClientIP String
analyzedClientIPGroup String
analyzedClientIPNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
analyzedClientNetMask String
appEventDate String Application event date.
appEventExists Boolean Match for an application event only. Valid values:
  • 0 (false)
  • 1 (true)
appEventNumValue String Application event number value.
appEventStrGroup String Application string group.
appEventStrValue String Application string value.
appUserGroup String Application user group.
appUserName String Application username.
appUserNameNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
audit String Audit name.
authType String
authTypeGroup String
authTypeNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)

Default = 1 (true)

category String Report category. For valid values, call update_rule from the command line with --help=true.
cicsUserGroup String CICS user group name.
cicsUserId String CICS user ID.
classification String Classification name.
clientHostGroup String Client host group name.
clientHostName String Client hostname.
clientHostNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
clientInfo String Client information. Use for Db2 and DB2_COLLECTION_PROFILE.
clientInfoGroup String Client information group. Use for DB2_COLLECTION_PROFILE.
clientIP String
clientIpGroup String
clientIpNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
clientMac String
clientMacNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
clientNetMask String
clientOsName String
clientOsNameGroup String
clientOsNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
clientProgramUserServerInstanceGroup String
clientProgramUserServerInstanceNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
clientProgramUserServerInstanceOsDbGroup String
clientProgramUserServerInstanceOsDbNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
clientTimezone String
clientTimezoneGroup String
clientTimezoneNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)

Default = 1 (true)

command String
commandGroupAndFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
commandNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
commandsGroup String
continueToNext Boolean Valid values:
  • 0 (false)
  • 1 (true)
dataPattern String
datasetType String
dateTime String Date and time (Time period parameter)
dbName String Database name.
dbNameGroup String Database group name.
dbNameNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
dbnameObjectGroup String Database object group name.
dbnameObjectGroupNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
dbProtocol String
dbProtocolGroup String
dbProtocolNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
dbType String Database type.
dbTypeGroup String
dbTypeNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
dbUser String Database username.
dbUserGroup String Database user group.
dbUserNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
ddName String
dliCallCodes String
errorCode String An error code.
errorCodeNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
errorGroup String
eventType String
eventUserName String
exceptionType String An exception type.
exceptionTypeIdNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
failureCode Integer A numeric failure code.
failureCodeGroup String The group for a failure code.
failureCodeNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
fieldGroupAndFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
fieldName String
fieldNameGroup String
fieldNameNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
fileGroup String
fileId String
fromPolicy String Required. The name of this policy.
functionCode String
functionCodeGroup String
imsDefinitionName String
incident String
logFlag String The log flag. Corresponds to Record Values parameter.
magenAddToHistory Boolean Valid values:
  • 0 (false)
  • 1 (true)
magenPageUrl String
magenPageUrlGroup String
magenPageUrlNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
matchedReturnedTreshold Integer
messageTemplate String
minCount Integer
netProtocol String
netProtocolGroup String
netProtocolNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
newDesc String A new description for this rule.
objectCommandGroup String
objectCommandNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
objectFieldGroup String
objectFieldNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
objectGroup String
objectGroupAndFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
objectName String
objectNameNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
osUser String Operating system user.
osUserGroup String Operating system user group.
osUserNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
pattern String
programGroup String The program group.
programId String The program ID.
quarantineMinutes Integer
recordRuleDescription Boolean Valid values:
  • 0 (false)
  • 1 (true)
recordsAffectedThreshold Integer
regionGroup String
regionId String
replacementChar String
resetInterval Integer
responseLengthThreshold Long
ruleDesc String Required. The name of the rule to update. To update the rule description, use the newDesc parameter.
senderIP String
senderIPGroup String
senderIPNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
senderNetMask String
serverDescription String
serverDescriptionGroup String
serverDescriptionNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
serverHostGroup String Server host group.
serverHostName String Server hostname.
serverHostNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
serverIP String The server IP.
serverIpGroup String Server IP group.
serverIpNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
serverNetMask String
serverOsName String
serverOsNameGroup String
serverOsNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
serverPort Integer
serverPortGroup String
serverPortNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
serviceName String
serviceNameGroup String
serviceNameNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
serviceObjectGroup String
serviceObjectGroupNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
session String Required. Valid values:
  • LOCAL
  • TAP_DECRYPTED
  • ENCRYPTED
sessionNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
severity String The alert severity. Can be one of:
  • Info
  • Low
  • None
  • Med
  • High
sourceProgram String
sourceProgramGroup String
sourceProgramNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
sqlPattern String
startTime String
startTimeNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
terminalGroup String
terminalId String
transactionGroup String
transactionId String
triggerOncePerSession Boolean Valid values:
  • 0 (false)
  • 1 (true)
tuplesDesc String
tuplesGroup String
tuplesNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
xmlPattern String A regular expression (regex) to match.
api_target_host String

Specifies the target hosts where the API executes. Valid values:
  • all_managed: execute on all managed units but not the central manager
  • all: execute on all managed units and the central manager
  • group:<group name>: execute on all managed units identified by <group name>
  • host name or IP address of a managed unit: specified from the central manager to execute on a managed unit. For example, api_target_host=10.0.1.123.
  • host name or IP address of the central manager: specified from a managed unit to execute on the central manager. For example, api_target_host=10.0.1.123.

IP addresses must conform to the IP mode of your network. For dual IP mode, use the same IP protocol with which the managed unit is registered with the central manager. For example, if the registration uses IPv6, specify an IPv6 address. The hostname is independent of IP mode and can be used with any mode.

GuardAPI example

grdapi update_rule ruleDesc="Rule Description" fromPolicy="policy1" serviceName="ANY"
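
When rule updates are generated from change tickets or scripts, it helps to check the fields against the value types in the parameter table before the command reaches the CLI. The following is an added example, not IBM's code: build_update_rule is a hypothetical helper, and quoting every value (as the example above does) and rejecting quotes and newlines in values are assumptions, because the page does not document escaping.

```python
import re

# Value sets copied from the parameter table on this page.
REQUIRED = ("ruleDesc", "fromPolicy")
ENUMS = {
    "session": {"LOCAL", "TAP_DECRYPTED", "ENCRYPTED"},
    "severity": {"Info", "Low", "None", "Med", "High"},
}
INTEGERS = {
    "failureCode", "matchedReturnedTreshold", "minCount", "quarantineMinutes",
    "recordsAffectedThreshold", "resetInterval", "responseLengthThreshold",
    "serverPort",
}
# Boolean parameters whose names do not end in NotFlag or AndFlag.
OTHER_BOOLEANS = {
    "appEventExists", "continueToNext", "magenAddToHistory",
    "recordRuleDescription", "triggerOncePerSession",
}
NAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def build_update_rule(params):
    """Hypothetical helper: return a grdapi line or raise ValueError."""
    missing = [p for p in REQUIRED if not params.get(p)]
    if missing:
        raise ValueError("missing required parameter(s): " + ", ".join(missing))
    parts = ["grdapi", "update_rule"]
    for name, value in params.items():
        text = str(value)
        if not NAME_RE.fullmatch(name):
            raise ValueError(f"bad parameter name: {name!r}")
        # Assumption: the page does not document escaping, so refuse any
        # value that could close the quoted string or start a new command.
        if any(ch in text for ch in '"\r\n'):
            raise ValueError(f"{name}: quote or newline in value")
        if name.endswith(("NotFlag", "AndFlag")) or name in OTHER_BOOLEANS:
            if text not in ("0", "1"):
                raise ValueError(f"{name}: Boolean must be 0 or 1")
        elif name in INTEGERS and not re.fullmatch(r"\d+", text):
            raise ValueError(f"{name}: expected an integer")
        elif name in ENUMS and text not in ENUMS[name]:
            raise ValueError(f"{name}: not one of {sorted(ENUMS[name])}")
        parts.append(f'{name}="{text}"')
    return " ".join(parts)


if __name__ == "__main__":
    # Constructed input mirroring the GuardAPI example above.
    print(build_update_rule({"ruleDesc": "Rule Description",
                             "fromPolicy": "policy1", "severity": "High"}))
```

Fields that are not passed are simply left out of the command, which matches the documented behaviour that unspecified rule fields are not changed.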