update_rule
This command updates a policy rule.
This command updates the parameters that you specify for an existing rule in a specified policy. Only the rule name (ruleDesc) and policy name (fromPolicy) are required. If you do not specify a rule field, the field is ignored and not changed.
For more information about rule fields, see Rule definition fields.
This API is available in Guardium V9.5 and later.
REST API syntax
This API is available as a REST service with the PUT method. Call this API as follows:
PUT https://[Guardium hostname or IP address]:8443/restAPI/update_rule
GuardAPI syntax
update_rule parameter=value
Parameters
Parameter | Value type | Description |
---|---|---|
analyzedClientIP | String | |
analyzedClientIPGroup | String | |
analyzedClientIPNotFlag | Boolean | Valid values: |
analyzedClientNetMask | String | |
appEventDate | String | Application event date. |
appEventExists | Boolean | Match for an application event only. Valid values: |
appEventNumValue | String | Application event number value. |
appEventStrGroup | String | Application string group. |
appEventStrValue | String | Application string value. |
appUserGroup | String | Application user group. |
appUserName | String | Application username. |
appUserNameNotFlag | Boolean | Valid values: |
audit | String | Audit name. |
authType | String | |
authTypeGroup | String | |
authTypeNotFlag | Boolean | Valid values:
Default = 1 (true) |
category | String | Report category. For valid values, call update_rule from the command line with --help=true. |
cicsUserGroup | String | CICS user group name. |
cicsUserId | String | CICS user ID. |
classification | String | Classification name. |
clientHostGroup | String | Client host group name. |
clientHostName | String | Client hostname. |
clientHostNotFlag | Boolean | Valid values: |
clientInfo | String | Client information. Use for Db2 and DB2_COLLECTION_PROFILE. |
clientInfoGroup | String | Client information group. Use for DB2_COLLECTION_PROFILE. |
clientIP | String | |
clientIpGroup | String | |
clientIpNotFlag | Boolean | Valid values: |
clientMac | String | |
clientMacNotFlag | Boolean | Valid values: |
clientNetMask | String | |
clientOsName | String | |
clientOsNameGroup | String | |
clientOsNotFlag | Boolean | Valid values: |
clientProgramUserServerInstanceGroup | String | |
clientProgramUserServerInstanceNotFlag | Boolean | Valid values: |
clientProgramUserServerInstanceOsDbGroup | String | |
clientProgramUserServerInstanceOsDbNotFlag | Boolean | Valid values: |
clientTimezone | String | |
clientTimezoneGroup | String | |
clientTimezoneNotFlag | Boolean | Valid values:
Default = 1 (true) |
command | String | |
commandGroupAndFlag | Boolean | Valid values: |
commandNotFlag | Boolean | Valid values: |
commandsGroup | String | |
continueToNext | Boolean | Valid values: |
dataPattern | String | |
datasetType | String | |
dateTime | String | Date and time (Time period parameter) |
dbName | String | Database name. |
dbNameGroup | String | Database group name. |
dbNameNotFlag | Boolean | Valid values: |
dbnameObjectGroup | String | Database object group name. |
dbnameObjectGroupNotFlag | Boolean | Valid values: |
dbProtocol | String | |
dbProtocolGroup | String | |
dbProtocolNotFlag | Boolean | Valid values: |
dbType | String | Database type. |
dbTypeGroup | String | |
dbTypeNotFlag | Boolean | Valid values: |
dbUser | String | Database username. |
dbUserGroup | String | Database user group. |
dbUserNotFlag | Boolean | Valid values: |
ddName | String | |
dliCallCodes | String | |
errorCode | String | An error code. |
errorCodeNotFlag | Boolean | Valid values: |
errorGroup | String | |
eventType | String | |
eventUserName | String | |
exceptionType | String | An exception type. |
exceptionTypeIdNotFlag | Boolean | Valid values: |
failureCode | Integer | A numeric failure code. |
failureCodeGroup | String | The group for a failure code. |
failureCodeNotFlag | Boolean | Valid values: |
fieldGroupAndFlag | Boolean | Valid values: |
fieldName | String | |
fieldNameGroup | String | |
fieldNameNotFlag | Boolean | Valid values: |
fileGroup | String | |
fileId | String | |
fromPolicy | String | Required. The name of this policy. |
functionCode | String | |
functionCodeGroup | String | |
imsDefinitionName | String | |
incident | String | |
logFlag | String | The log flag. Corresponds to Record Values parameter. |
magenAddToHistory | Boolean | Valid values: |
magenPageUrl | String | |
magenPageUrlGroup | String | |
magenPageUrlNotFlag | Boolean | Valid values: |
matchedReturnedTreshold | Integer | |
messageTemplate | String | |
minCount | Integer | |
netProtocol | String | |
netProtocolGroup | String | |
netProtocolNotFlag | Boolean | Valid values: |
newDesc | String | A new description for this rule. |
objectCommandGroup | String | |
objectCommandNotFlag | Boolean | Valid values: |
objectFieldGroup | String | |
objectFieldNotFlag | Boolean | Valid values: |
objectGroup | String | |
objectGroupAndFlag | Boolean | Valid values: |
objectName | String | |
objectNameNotFlag | Boolean | Valid values: |
osUser | String | Operating system user. |
osUserGroup | String | Operating system user group. |
osUserNotFlag | Boolean | Valid values: |
pattern | String | |
programGroup | String | The program group. |
programId | String | The program ID. |
quarantineMinutes | Integer | |
recordRuleDescription | Boolean | Valid values: |
recordsAffectedThreshold | Integer | |
regionGroup | String | |
regionId | String | |
replacementChar | String | |
resetInterval | Integer | |
responseLengthThreshold | Long | |
ruleDesc | String | Required. The name of the rule to update. To update the rule description, use the newDesc parameter. |
senderIP | String | |
senderIPGroup | String | |
senderIPNotFlag | Boolean | Valid values: |
senderNetMask | String | |
serverDescription | String | |
serverDescriptionGroup | String | |
serverDescriptionNotFlag | Boolean | Valid values: |
serverHostGroup | String | Server host group. |
serverHostName | String | Server hostname. |
serverHostNotFlag | Boolean | Valid values: |
serverIP | String | The server IP. |
serverIpGroup | String | Server IP group. |
serverIpNotFlag | Boolean | Valid values: |
serverNetMask | String | |
serverOsName | String | |
serverOsNameGroup | String | |
serverOsNotFlag | Boolean | Valid values: |
serverPort | Integer | |
serverPortGroup | String | |
serverPortNotFlag | Boolean | Valid values: |
serviceName | String | |
serviceNameGroup | String | |
serviceNameNotFlag | Boolean | Valid values: |
serviceObjectGroup | String | |
serviceObjectGroupNotFlag | Boolean | Valid values: |
session | String | Required. Valid values: |
sessionNotFlag | Boolean | Valid values: |
severity | String | The alert severity. Can be one of: |
sourceProgram | String | |
sourceProgramGroup | String | |
sourceProgramNotFlag | Boolean | Valid values: |
sqlPattern | String | |
startTime | String | |
startTimeNotFlag | Boolean | Valid values: |
terminalGroup | String | |
terminalId | String | |
transactionGroup | String | |
transactionId | String | |
triggerOncePerSession | Boolean | Valid values: |
tuplesDesc | String | |
tuplesGroup | String | |
tuplesNotFlag | Boolean | Valid values: |
xmlPattern | String | A regular expression (regex) to match. |
api_target_host | String | Specifies the target hosts where the API executes. Valid values:
IP addresses must conform to the IP mode of your network. For dual IP mode, use the same IP protocol with which the managed unit is registered with the central manager. For example, if the registration uses IPv6, specify an IPv6 address. The hostname is independent of IP mode and can be used with any mode. |
GuardAPI example
grdapi update_rule ruleDesc="Rule Description" fromPolicy="policy1" serviceName="ANY"
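The same update expressed as a REST PUT request, as an added Python example that is not part of the original documentation or IBM's code. It builds the request without sending it, enforces the two required parameters, and omits unspecified fields so that they stay unchanged. Assumptions: the body is JSON, authentication is an OAuth bearer token, Boolean flags are sent as 1/0, and the function name, host name and token are hypothetical.

```python
import json
import urllib.request

# Subset of the parameter names from the table above; extend as needed.
KNOWN_PARAMS = {
    "ruleDesc", "fromPolicy", "newDesc", "serviceName", "dbUser",
    "dbUserNotFlag", "serverIP", "continueToNext", "api_target_host",
}
REQUIRED = ("ruleDesc", "fromPolicy")


def build_update_rule_request(host, token, **fields):
    """Return a prepared (unsent) PUT request for /restAPI/update_rule."""
    # Fields passed as None are omitted, so the rule keeps their current value.
    body = {k: v for k, v in fields.items() if v is not None}
    unknown = sorted(set(body) - KNOWN_PARAMS)
    if unknown:
        # Catch misspelled parameter names before the request leaves the client.
        raise ValueError(f"unknown parameter(s): {', '.join(unknown)}")
    missing = [k for k in REQUIRED if not body.get(k)]
    if missing:
        raise ValueError(f"missing required parameter(s): {', '.join(missing)}")
    # Assumption: Boolean flags are sent as 1/0, following "1 (true)" above.
    body = {k: int(v) if isinstance(v, bool) else v for k, v in body.items()}
    return urllib.request.Request(
        url=f"https://{host}:8443/restAPI/update_rule",
        data=json.dumps(body).encode("utf-8"),
        method="PUT",
        headers={
            # Assumption: JSON request body with an OAuth bearer token.
            "Authorization": f"Bearer {token}",
            "Content-Type": "application/json",
        },
    )


if __name__ == "__main__":
    # Constructed sample values; the request is built but never sent.
    req = build_update_rule_request(
        "guardium.example.com", "TOKEN-PLACEHOLDER",
        ruleDesc="Rule Description", fromPolicy="policy1",
        serviceName="ANY", dbUser=None, continueToNext=True,
    )
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```

Pass the returned object to `urllib.request.urlopen` with an SSL context that trusts the appliance certificate to send it.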