update_rule

This command updates a policy rule.

This command updates the parameters that you specify for an existing rule in a specified policy. Only the rule name (ruleDesc) and policy name (fromPolicy) are required. If you do not specify a rule field, the field is ignored and not changed.

For more information about rule fields, see Rule definition fields.

This API is available in Guardium V9.5 and later.

REST API syntax

This API is available as a REST service with the PUT method. Call this API as follows:
PUT https://[Guardium hostname or IP address]:8443/restAPI/update_rule

GuardAPI syntax

update_rule parameter=value

Parameters

Parameter Value type Description
analyzedClientIP String  
analyzedClientIPGroup String  
analyzedClientIPNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
analyzedClientNetMask String  
appEventDate String Application event date.
appEventExists Boolean Match for an application event only. Valid values:
  • 0 (false)
  • 1 (true)
appEventNumValue String Application event number value.
appEventStrGroup String Application string group.
appEventStrValue String Application string value.
appUserGroup String Application user group.
appUserName String Application username.
appUserNameNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
audit String Audit name.
authType String  
authTypeGroup String  
authTypeNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)

Default = 1 (true)

category String Report category. For valid values, call update_rule from the command line with --help=true.
cicsUserGroup String CICS user group name.
cicsUserId String CICS user ID.
classification String Classification name.
clientHostGroup String Client host group name.
clientHostName String Client hostname.
clientHostNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
clientInfo String Client information. Use for Db2 and DB2_COLLECTION_PROFILE.
clientInfoGroup String Client information group. Use for DB2_COLLECTION_PROFILE.
clientIP String  
clientIpGroup String  
clientIpNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
clientMac String  
clientMacNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
clientNetMask String  
clientOsName String  
clientOsNameGroup String  
clientOsNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
clientProgramUserServerInstanceGroup String  
clientProgramUserServerInstanceNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
clientProgramUserServerInstanceOsDbGroup String  
clientProgramUserServerInstanceOsDbNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
clientTimezone String  
clientTimezoneGroup String  
clientTimezoneNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)

Default = 1 (true)

command String  
commandGroupAndFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
commandNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
commandsGroup String  
continueToNext Boolean Valid values:
  • 0 (false)
  • 1 (true)
dataPattern String  
datasetType String  
dateTime String Date and time (Time period parameter)
dbName String Database name.
dbNameGroup String Database group name.
dbNameNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
dbnameObjectGroup String Database object group name.
dbnameObjectGroupNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
dbProtocol String  
dbProtocolGroup String  
dbProtocolNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
dbType String Database type.
dbTypeGroup String  
dbTypeNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
dbUser String Database username.
dbUserGroup String Database user group.
dbUserNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
ddName String  
dliCallCodes String  
errorCode String An error code.
errorCodeNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
errorGroup String  
eventType String  
eventUserName String  
exceptionType String An exception type.
exceptionTypeIdNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
failureCode Integer A numeric failure code.
failureCodeGroup String The group for a failure code.
failureCodeNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
fieldGroupAndFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
fieldName String  
fieldNameGroup String  
fieldNameNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
fileGroup String  
fileId String  
fromPolicy String Required. The name of this policy.
functionCode String  
functionCodeGroup String  
imsDefinitionName String  
incident String  
logFlag String The log flag. Corresponds to Record Values parameter.
magenAddToHistory Boolean Valid values:
  • 0 (false)
  • 1 (true)
magenPageUrl String  
magenPageUrlGroup String  
magenPageUrlNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
matchedReturnedTreshold Integer  
messageTemplate String  
minCount Integer  
netProtocol String  
netProtocolGroup String  
netProtocolNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
newDesc String A new description for this rule.
objectCommandGroup String  
objectCommandNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
objectFieldGroup String  
objectFieldNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
objectGroup String  
objectGroupAndFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
objectName String  
objectNameNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
osUser String Operating system user.
osUserGroup String Operating system user group.
osUserNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
pattern String  
programGroup String The program group.
programId String The program ID.
quarantineMinutes Integer  
recordRuleDescription Boolean Valid values:
  • 0 (false)
  • 1 (true)
recordsAffectedThreshold Integer  
regionGroup String  
regionId String  
replacementChar String  
resetInterval Integer  
responseLengthThreshold Long  
ruleDesc String Required. The name of the rule to update. To update the rule description, use the newDesc parameter.
senderIP String  
senderIPGroup String  
senderIPNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
senderNetMask String  
serverDescription String  
serverDescriptionGroup String  
serverDescriptionNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
serverHostGroup String Server host group.
serverHostName String Server hostname.
serverHostNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
serverIP String The server IP.
serverIpGroup String Server IP group.
serverIpNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
serverNetMask String  
serverOsName String  
serverOsNameGroup String  
serverOsNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
serverPort Integer  
serverPortGroup String  
serverPortNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
serviceName String  
serviceNameGroup String  
serviceNameNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
serviceObjectGroup String  
serviceObjectGroupNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
session String Required. Valid values:
  • LOCAL
  • TAP_DECRYPTED
  • ENCRYPTED
sessionNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
severity String The alert severity. Can be one of:
  • Info
  • Low
  • None
  • Med
  • High
sourceProgram String  
sourceProgramGroup String  
sourceProgramNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
sqlPattern String  
startTime String  
startTimeNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
terminalGroup String  
terminalId String  
transactionGroup String  
transactionId String  
triggerOncePerSession Boolean Valid values:
  • 0 (false)
  • 1 (true)
tuplesDesc String  
tuplesGroup String  
tuplesNotFlag Boolean Valid values:
  • 0 (false)
  • 1 (true)
xmlPattern String A regular expression (regex) to match.
api_target_host String

Specifies the target hosts where the API executes. Valid values:
  • all_managed: execute on all managed units but not the central manager
  • all: execute on all managed units and the central manager
  • group:<group name>: execute on all managed units identified by <group name>
  • host name or IP address of a managed unit: specified from the central manager to execute on a managed unit. For example, api_target_host=10.0.1.123.
  • host name or IP address of the central manager: specified from a managed unit to execute on the central manager. For example, api_target_host=10.0.1.123.

IP addresses must conform to the IP mode of your network. For dual IP mode, use the same IP protocol with which the managed unit is registered with the central manager. For example, if the registration uses IPv6, specify an IPv6 address. The hostname is independent of IP mode and can be used with any mode.

GuardAPI example

grdapi update_rule ruleDesc="Rule Description" fromPolicy="policy1" serviceName="ANY"
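
A pre-flight check for update_rule calls, added here as an example (not IBM's code): it validates values against the types and valid values in the parameter table above and builds the GuardAPI line. It treats ruleDesc and fromPolicy as the required parameters, as the introduction states, and rejects quotes and line breaks in string values as a conservative choice, because this page does not document how GuardAPI escapes them.

```python
REQUIRED = ("ruleDesc", "fromPolicy")
# Boolean parameters in the table whose names do not end in NotFlag/AndFlag.
OTHER_FLAGS = {"appEventExists", "continueToNext", "magenAddToHistory",
               "recordRuleDescription", "triggerOncePerSession"}
# Integer and Long parameters in the table (spelling as the API defines it).
INTEGERS = {"failureCode", "matchedReturnedTreshold", "minCount",
            "quarantineMinutes", "recordsAffectedThreshold", "resetInterval",
            "responseLengthThreshold", "serverPort"}
ENUMS = {"session": {"LOCAL", "TAP_DECRYPTED", "ENCRYPTED"},
         "severity": {"Info", "Low", "None", "Med", "High"}}


def validate(params):
    """Return a cleaned copy of params, or raise ValueError."""
    missing = [p for p in REQUIRED if not params.get(p)]
    if missing:
        raise ValueError("missing required parameter(s): " + ", ".join(missing))
    clean = {}
    for name, value in params.items():
        if value is None:
            continue  # unspecified fields are left unchanged by update_rule
        if name.endswith(("NotFlag", "AndFlag")) or name in OTHER_FLAGS:
            if value not in (0, 1, "0", "1"):  # True/False compare equal to 1/0
                raise ValueError(f"{name} must be 0 or 1")
            value = int(value)
        elif name in INTEGERS:
            try:
                value = int(str(value))
            except ValueError:
                raise ValueError(f"{name} must be an integer") from None
        else:  # String parameters, including logFlag, which is not a Boolean
            value = str(value)
            if name in ENUMS and value not in ENUMS[name]:
                raise ValueError(f"{name} must be one of {sorted(ENUMS[name])}")
            # Refuse characters that could end the quoted value early.
            if any(c in value for c in '"\r\n'):
                raise ValueError(f"{name} contains a quote or line break")
        clean[name] = value
    return clean


def grdapi_line(params):
    """GuardAPI form: update_rule parameter=value, string values double-quoted."""
    parts = [f'{k}="{v}"' if isinstance(v, str) else f"{k}={v}"
             for k, v in validate(params).items()]
    return "grdapi update_rule " + " ".join(parts)
```

The dictionary returned by validate() can also be used as the parameter set for the REST PUT call.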