update_threshold_in_rule
Use this API to change the threshold on a specific violation policy rule that is used to create an active threat analytics case type.
Changes to installed policies are applied according to the policy schedule. When adding a threshold to a rule in an installed policy, cases are created for violations (according to the threshold) only after the policy is reinstalled.
This API is available in Guardium V11.2 and later.
REST API syntax
This API is available as a REST service with the
PUT
method. Call this API as follows:
PUT https://[Guardium hostname or IP address]:8443/restAPI/update_threshold_in_rule
GuardAPI syntax
update_threshold_in_rule parameter=value
Parameters
Parameter | Value type | Description |
---|---|---|
policy_name | String | The policy that has the rule whose threshold you want to change. Use the API list_policy to view policies. |
rule_name | String | The rule whose threshold you want to change. Use the API list_policy_rules to view rules. |
threshold_value | Integer | The threshold at which a case is created. |
Examples
To change the threshold to 50 in the ruleNNN in
policyAAA:
grdapi update_threshold_in_rule policy_name=policyAAA rule_name=ruleNNN threshold=50