How To
Summary
This article contains a step by step of how to delete rules that are no longer needed from the API.
Steps
Notes:
- These steps require all rules to be moved to a Rule Group before the rules are deleted, so they can be easier to be found.
- Only users with permissions to edit rule can perform these steps.
How to delete rules by using the API:
- Navigate to https://<Console IP>/api_doc and open the Interactive API for Developers.
- Go to analytics, select rule_groups
- In the right pane, scroll down until the Parameters box is visible, once there, add the following:
• To the fields text box: name, child_items
• To the filter text box: name=“<Rule_group>”
• Leave the range text box blank.
- Click Try it Out! The response is similar to:
- From the output make note of the child_items IDs, these "child_items" are the rules included in that Rule Group.
- Go to analytics, select rules and then {id}:
- On the right pane, click the red DELETE button at the upper left and scroll down to the Parameters.
- In the id text box, paste the child_items IDs, one at the time and click Try it Out!
Result:
The administrators are able to remove rules from the system by using GUI with API.
The administrators are able to remove rules from the system by using GUI with API.
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwtrAAA","label":"Rules"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
20 June 2022
UID
ibm16595757