update_threshold_in_rule

Use this API to change the threshold on a specific violation policy rule that is used to create an active threat analytics case type.

Changes to installed policies are applied according to the policy schedule. When adding a threshold to a rule in an installed policy, cases are created for violations (according to the threshold) only after the policy is reinstalled.

This API is available in Guardium V11.2 and later.

REST API syntax

This API is available as a REST service with the PUT method. Call this API as follows:
PUT https://[Guardium hostname or IP address]:8443/restAPI/update_threshold_in_rule

GuardAPI syntax

update_threshold_in_rule parameter=value

Parameters

Parameter Value type Description
policy_name String The policy that has the rule whose threshold you want to change. Use the API list_policy to view policies.
rule_name String The rule whose threshold you want to change. Use the API list_policy_rules to view rules.
threshold_value Integer The threshold at which a case is created.

Examples

To change the threshold to 50 in the ruleNNN in policyAAA:
grdapi update_threshold_in_rule policy_name=policyAAA rule_name=ruleNNN threshold=50