create_fam_rule
This command creates a FAM rule. Each rule defines a set of conditions, and an action that is taken by Guardium® when the rule matches.
This API is available in Guardium V10.1.4 and later.
REST API syntax
This API is available as a REST service with the POST method. Call this API as follows:
POST https://[Guardium hostname or IP address]:8443/restAPI/famPolicyRule
GuardAPI syntax
create_fam_rule parameter=value
Parameters
Parameter | Value type | Description |
---|---|---|
actionName | String | Required. The action taken when the rule criteria are met. Valid values: |
alertReceiver | String | Recipient of the alert: any user of the appliance, for example admin. |
classDestination | String | Name of the custom class to be invoked. For valid values, call create_fam_rule from the command line with --help=true. |
command | String | The command name to be matched. If not specified, all file system commands are counted as a match. For valid values, call create_fam_rule from the command line with --help=true. |
commandGroup | String | Name of the group of commands to be matched. Either commandGroup or commandGroupId must be specified. |
commandGroupId | Integer | ID of the group of commands to be matched. Either commandGroup or commandGroupId must be specified. |
filePath | String | File path to be monitored, or excluded from monitoring. See notfilePath. Either filePath or filePathGroup must be specified. |
filePathGroup | String | Group of file paths to be monitored, or excluded from monitoring. See notfilePath. Either filePath or filePathGroup must be specified. |
includeSubDirectory | String | Required. Whether files in subdirectories are included. Valid values: |
messageTemplate | String | Message template name. For valid values, call create_fam_rule from the command line with --help=true. |
notfilePath | String | Required. Valid values: |
notificationType | String | Notification type. Valid values: |
notOSUser | String | Required. Valid values: |
osUser | String | The OS user to whom this rule applies. If osUser or osUserGroup are unspecified, then the rule applies to all users (except root). |
osUserGroup | String | The group of OS user names to whom this rule applies. If osUser or osUserGroup are unspecified, then the rule applies to all users (except root). |
policyName | String | Required. Name of policy to which this rule is added. For valid values, call create_fam_rule from the command line with --help=true. |
removableMedia | String | Required. Include removable media when evaluating criteria. Valid values: |
ruleName | String | Required. A unique rule name. |
serverHost | String | Host name to monitor. Use x.x.x.x to monitor all servers. Either serverHost or serverHostGroup must be specified. |
serverHostGroup | String | Guardium group of server hostnames to monitor. Either serverHost or serverHostGroup must be specified. |
Examples
grdapi create_fam_rule policyName=policy1 ruleName=rule1 serverHost="x.x.x.x" filePath="/famtest/*" command="DELETE" actionName="Alert and Audit" notificationType="SYSLOG"
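The following is an added example, not part of the original page or of IBM's code: it parses a `grdapi create_fam_rule` line, checks it against the parameter table above, and builds the equivalent REST request without sending it. It assumes the REST service accepts the same parameter names as a JSON body; the host name is a placeholder, the function names are hypothetical, and authentication is left out because this page does not describe it.

```python
import json
import shlex

# Names and constraints copied from the parameter table on this page.
KNOWN = {"actionName", "alertReceiver", "classDestination", "command",
         "commandGroup", "commandGroupId", "filePath", "filePathGroup",
         "includeSubDirectory", "messageTemplate", "notfilePath",
         "notificationType", "notOSUser", "osUser", "osUserGroup",
         "policyName", "removableMedia", "ruleName", "serverHost",
         "serverHostGroup"}
REQUIRED = {"actionName", "includeSubDirectory", "notfilePath", "notOSUser",
            "policyName", "removableMedia", "ruleName"}
EITHER = [("filePath", "filePathGroup"), ("serverHost", "serverHostGroup")]


def parse_grdapi(line):
    """Split a 'grdapi create_fam_rule k=v ...' line into a dict."""
    tokens = shlex.split(line)  # keeps double-quoted values in one token
    if tokens[:2] != ["grdapi", "create_fam_rule"]:
        raise ValueError("not a create_fam_rule command")
    params = {}
    for tok in tokens[2:]:
        key, sep, value = tok.partition("=")
        if not sep or not key:
            raise ValueError(f"expected parameter=value, got {tok!r}")
        params[key] = value
    return params


def lint(params):
    """Return findings for a parameter dict, per the table's constraints."""
    findings = [f"unknown parameter: {k}" for k in sorted(set(params) - KNOWN)]
    findings += [f"Required parameter not set: {k}"
                 for k in sorted(REQUIRED - set(params))]
    for a, b in EITHER:
        if not (params.get(a) or params.get(b)):
            findings.append(f"neither {a} nor {b} set")
    return findings


def rest_request(host, params):
    """Build (method, url, body) for the REST form; nothing is sent."""
    return "POST", f"https://{host}:8443/restAPI/famPolicyRule", json.dumps(params)


# The command from the Examples section of this page.
EXAMPLE = ('grdapi create_fam_rule policyName=policy1 ruleName=rule1 '
           'serverHost="x.x.x.x" filePath="/famtest/*" command="DELETE" '
           'actionName="Alert and Audit" notificationType="SYSLOG"')
```

Running `lint(parse_grdapi(EXAMPLE))` lists the parameters that the table marks Required but the command line leaves unset; parameter names are matched case-sensitively, so a misspelling such as `filepath` is reported as unknown.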