General Policy Constraints

Cortex XSIAM Platform APIs

  1. Third-Party Integration Data

    • For ingested data from third-party integrations:

      • Only the periodic scan trigger is supported, along with the ingestedData action that must be explicitly configured.

  2. Multiple Finding Types in Conditions

    • When selecting multiple Finding Type values within a single condition, only common filters across those types are available.
    • To use filters specific to a Finding Type, add another condition group that is separated by the OR operator.

  3. Condition and Scope Depth

    • The UI supports up to 2 levels of depth for conditions and scope.
    • The API allows up to 10 levels of depth for more complex policy configurations.

  4. Scope vs. Asset Groups

    • You must define either a scope (detailed asset filters) or specify assetGroupIds, but not both in the same policy.
    • If both fields are defined (contain values), then only the assetGroupIds will be applied and the scope will be ignored.

  5. Empty Results during Configuration

    • Conditions and scope filters may return empty results during policy configuration.
    • Policies can still be saved for future use.
    • Once the policies are active, they will evaluate the conditions and trigger defined actions if matching results are found.
Request headers
Authorization String required

{api_key}
Example: your_api_key_here
x-xdr-auth-id String required

{api_key_id}
Example: 1
CLIENT REQUEST
curl -X 'POST'
-H 'Accept: application/json'
-H 'Content-Type: application/json'
-H 'Authorization: your_api_key_here' -H 'x-xdr-auth-id: 1'
'https://api-yourfqdn/public_api/appsec/v1/policies'
-d '{ "userSbac" : [ 6.027456183070403, 6.027456183070403 ], "suggestionId" : "suggestionId", "scope" : { "OR" : [ { "OR" : [ null, null ], "SEARCH_FIELD" : "Finding Type", "AND" : [ null, null ], "SEARCH_VALUE" : true }, { "OR" : [ null, null ], "SEARCH_FIELD" : "Finding Type", "AND" : [ null, null ], "SEARCH_VALUE" : true } ], "SEARCH_FIELD" : "SEARCH_FIELD", "AND" : [ { "OR" : [ null, null ], "SEARCH_FIELD" : "Finding Type", "AND" : [ null, null ], "SEARCH_VALUE" : true }, { "OR" : [ null, null ], "SEARCH_FIELD" : "Finding Type", "AND" : [ null, null ], "SEARCH_VALUE" : true } ] }, "name" : "name", "description" : "description", "assetGroupIds" : [ 0.8008281904610115, 0.8008281904610115 ], "conditions" : { "OR" : [ { "OR" : [ null, null ], "SEARCH_FIELD" : "Finding Type", "AND" : [ null, null ], "SEARCH_VALUE" : true }, { "OR" : [ null, null ], "SEARCH_FIELD" : "Finding Type", "AND" : [ null, null ], "SEARCH_VALUE" : true } ], "SEARCH_FIELD" : "SEARCH_FIELD", "AND" : [ { "OR" : [ null, null ], "SEARCH_FIELD" : "Finding Type", "AND" : [ null, null ], "SEARCH_VALUE" : true }, { "OR" : [ null, null ], "SEARCH_FIELD" : "Finding Type", "AND" : [ null, null ], "SEARCH_VALUE" : true } ], "SEARCH_VALUE" : true }, "triggers" : { "pr" : { "isEnabled" : true, "actions" : { "reportIssue" : true, "blockPr" : true, "reportPrComment" : true }, "overrideIssueSeverity" : "Critical" }, "imageRegistry" : { "isEnabled" : true, "actions" : { "reportIssue" : true }, "overrideIssueSeverity" : "Critical" }, "periodic" : { "isEnabled" : true, "actions" : { "reportIssue" : true }, "overrideIssueSeverity" : "Critical" }, "ciImage" : { "isEnabled" : true, "actions" : { "reportIssue" : true, "blockCicd" : true, "reportCicd" : true }, "overrideIssueSeverity" : "Critical" }, "cicd" : { "isEnabled" : true, "actions" : { "reportIssue" : true, "blockCicd" : true, "reportCicd" : true }, "overrideIssueSeverity" : "Critical" } }, "enabled" : true }'
import http.client conn = http.client.HTTPSConnection("api-yourfqdn") payload = "{\"conditions\":{\"SEARCH_FIELD\":\"string\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}]}]},\"description\":\"string\",\"name\":\"string\",\"scope\":{\"SEARCH_FIELD\":\"string\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}]}]},\"triggers\":{\"cicd\":{\"actions\":{\"blockCicd\":true,\"reportCicd\":true,\"reportIssue\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"},\"ciImage\":{\"actions\":{\"blockCicd\":true,\"reportCicd\":true,\"reportIssue\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"},\"imageRegistry\":{\"actions\":{\"reportIssue\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"},\"periodic\":{\"actions\":{\"reportIssue\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"},\"pr\":{\"actions\":{\"blockPr\":true,\"reportIssue\":true,\"reportPrComment\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"}},\"enabled\":true,\"assetGroupIds\":[0.1],\"suggestionId\":\"string\",\"userSbac\":[0.1]}" headers = { 'Authorization': "your_api_key_here", 'x-xdr-auth-id': "1", 'content-type': "application/json" } conn.request("POST", "/public_api/appsec/v1/policies", payload, headers) res = conn.getresponse() data = res.read() print(data.decode("utf-8"))
require 'uri' require 'net/http' require 'openssl' url = URI("https://api-yourfqdn/public_api/appsec/v1/policies") http = Net::HTTP.new(url.host, url.port) http.use_ssl = true http.verify_mode = OpenSSL::SSL::VERIFY_NONE request = Net::HTTP::Post.new(url) request["Authorization"] = 'your_api_key_here' request["x-xdr-auth-id"] = '1' request["content-type"] = 'application/json' request.body = "{\"conditions\":{\"SEARCH_FIELD\":\"string\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}]}]},\"description\":\"string\",\"name\":\"string\",\"scope\":{\"SEARCH_FIELD\":\"string\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}]}]},\"triggers\":{\"cicd\":{\"actions\":{\"blockCicd\":true,\"reportCicd\":true,\"reportIssue\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"},\"ciImage\":{\"actions\":{\"blockCicd\":true,\"reportCicd\":true,\"reportIssue\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"},\"imageRegistry\":{\"actions\":{\"reportIssue\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"},\"periodic\":{\"actions\":{\"reportIssue\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"},\"pr\":{\"actions\":{\"blockPr\":true,\"reportIssue\":true,\"reportPrComment\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"}},\"enabled\":true,\"assetGroupIds\":[0.1],\"suggestionId\":\"string\",\"userSbac\":[0.1]}" response = http.request(request) puts response.read_body
const data = JSON.stringify({ "conditions": { "SEARCH_FIELD": "string", "SEARCH_TYPE": "ARRAY_CONTAINS", "SEARCH_VALUE": true, "AND": [ { "SEARCH_FIELD": "Finding Type", "SEARCH_TYPE": "ARRAY_CONTAINS", "SEARCH_VALUE": true, "AND": [ { "SEARCH_FIELD": "Finding Type", "SEARCH_TYPE": "ARRAY_CONTAINS", "SEARCH_VALUE": true, "AND": [ null ], "OR": [ null ] } ], "OR": [ { "SEARCH_FIELD": "Finding Type", "SEARCH_TYPE": "ARRAY_CONTAINS", "SEARCH_VALUE": true, "AND": [ null ], "OR": [ null ] } ] } ], "OR": [ { "SEARCH_FIELD": "Finding Type", "SEARCH_TYPE": "ARRAY_CONTAINS", "SEARCH_VALUE": true, "AND": [ { "SEARCH_FIELD": "Finding Type", "SEARCH_TYPE": "ARRAY_CONTAINS", "SEARCH_VALUE": true, "AND": [ null ], "OR": [ null ] } ], "OR": [ { "SEARCH_FIELD": "Finding Type", "SEARCH_TYPE": "ARRAY_CONTAINS", "SEARCH_VALUE": true, "AND": [ null ], "OR": [ null ] } ] } ] }, "description": "string", "name": "string", "scope": { "SEARCH_FIELD": "string", "SEARCH_TYPE": "ARRAY_CONTAINS", "SEARCH_VALUE": true, "AND": [ { "SEARCH_FIELD": "Finding Type", "SEARCH_TYPE": "ARRAY_CONTAINS", "SEARCH_VALUE": true, "AND": [ { "SEARCH_FIELD": "Finding Type", "SEARCH_TYPE": "ARRAY_CONTAINS", "SEARCH_VALUE": true, "AND": [ null ], "OR": [ null ] } ], "OR": [ { "SEARCH_FIELD": "Finding Type", "SEARCH_TYPE": "ARRAY_CONTAINS", "SEARCH_VALUE": true, "AND": [ null ], "OR": [ null ] } ] } ], "OR": [ { "SEARCH_FIELD": "Finding Type", "SEARCH_TYPE": "ARRAY_CONTAINS", "SEARCH_VALUE": true, "AND": [ { "SEARCH_FIELD": "Finding Type", "SEARCH_TYPE": "ARRAY_CONTAINS", "SEARCH_VALUE": true, "AND": [ null ], "OR": [ null ] } ], "OR": [ { "SEARCH_FIELD": "Finding Type", "SEARCH_TYPE": "ARRAY_CONTAINS", "SEARCH_VALUE": true, "AND": [ null ], "OR": [ null ] } ] } ] }, "triggers": { "cicd": { "actions": { "blockCicd": true, "reportCicd": true, "reportIssue": true }, "isEnabled": true, "overrideIssueSeverity": "Critical" }, "ciImage": { "actions": { "blockCicd": true, "reportCicd": true, "reportIssue": true }, "isEnabled": true, "overrideIssueSeverity": "Critical" }, "imageRegistry": { "actions": { "reportIssue": true }, "isEnabled": true, "overrideIssueSeverity": "Critical" }, "periodic": { "actions": { "reportIssue": true }, "isEnabled": true, "overrideIssueSeverity": "Critical" }, "pr": { "actions": { "blockPr": true, "reportIssue": true, "reportPrComment": true }, "isEnabled": true, "overrideIssueSeverity": "Critical" } }, "enabled": true, "assetGroupIds": [ 0.1 ], "suggestionId": "string", "userSbac": [ 0.1 ] }); const xhr = new XMLHttpRequest(); xhr.withCredentials = true; xhr.addEventListener("readystatechange", function () { if (this.readyState === this.DONE) { console.log(this.responseText); } }); xhr.open("POST", "https://api-yourfqdn/public_api/appsec/v1/policies"); xhr.setRequestHeader("Authorization", "your_api_key_here"); xhr.setRequestHeader("x-xdr-auth-id", "1"); xhr.setRequestHeader("content-type", "application/json"); xhr.send(data);
HttpResponse<String> response = Unirest.post("https://api-yourfqdn/public_api/appsec/v1/policies") .header("Authorization", "your_api_key_here") .header("x-xdr-auth-id", "1") .header("content-type", "application/json") .body("{\"conditions\":{\"SEARCH_FIELD\":\"string\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}]}]},\"description\":\"string\",\"name\":\"string\",\"scope\":{\"SEARCH_FIELD\":\"string\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}]}]},\"triggers\":{\"cicd\":{\"actions\":{\"blockCicd\":true,\"reportCicd\":true,\"reportIssue\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"},\"ciImage\":{\"actions\":{\"blockCicd\":true,\"reportCicd\":true,\"reportIssue\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"},\"imageRegistry\":{\"actions\":{\"reportIssue\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"},\"periodic\":{\"actions\":{\"reportIssue\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"},\"pr\":{\"actions\":{\"blockPr\":true,\"reportIssue\":true,\"reportPrComment\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"}},\"enabled\":true,\"assetGroupIds\":[0.1],\"suggestionId\":\"string\",\"userSbac\":[0.1]}") .asString();
import Foundation let headers = [ "Authorization": "your_api_key_here", "x-xdr-auth-id": "1", "content-type": "application/json" ] let parameters = [ "conditions": [ "SEARCH_FIELD": "string", "SEARCH_TYPE": "ARRAY_CONTAINS", "SEARCH_VALUE": true, "AND": [ [ "SEARCH_FIELD": "Finding Type", "SEARCH_TYPE": "ARRAY_CONTAINS", "SEARCH_VALUE": true, "AND": [ [ "SEARCH_FIELD": "Finding Type", "SEARCH_TYPE": "ARRAY_CONTAINS", "SEARCH_VALUE": true, "AND": [], "OR": [] ] ], "OR": [ [ "SEARCH_FIELD": "Finding Type", "SEARCH_TYPE": "ARRAY_CONTAINS", "SEARCH_VALUE": true, "AND": [], "OR": [] ] ] ] ], "OR": [ [ "SEARCH_FIELD": "Finding Type", "SEARCH_TYPE": "ARRAY_CONTAINS", "SEARCH_VALUE": true, "AND": [ [ "SEARCH_FIELD": "Finding Type", "SEARCH_TYPE": "ARRAY_CONTAINS", "SEARCH_VALUE": true, "AND": [], "OR": [] ] ], "OR": [ [ "SEARCH_FIELD": "Finding Type", "SEARCH_TYPE": "ARRAY_CONTAINS", "SEARCH_VALUE": true, "AND": [], "OR": [] ] ] ] ] ], "description": "string", "name": "string", "scope": [ "SEARCH_FIELD": "string", "SEARCH_TYPE": "ARRAY_CONTAINS", "SEARCH_VALUE": true, "AND": [ [ "SEARCH_FIELD": "Finding Type", "SEARCH_TYPE": "ARRAY_CONTAINS", "SEARCH_VALUE": true, "AND": [ [ "SEARCH_FIELD": "Finding Type", "SEARCH_TYPE": "ARRAY_CONTAINS", "SEARCH_VALUE": true, "AND": [], "OR": [] ] ], "OR": [ [ "SEARCH_FIELD": "Finding Type", "SEARCH_TYPE": "ARRAY_CONTAINS", "SEARCH_VALUE": true, "AND": [], "OR": [] ] ] ] ], "OR": [ [ "SEARCH_FIELD": "Finding Type", "SEARCH_TYPE": "ARRAY_CONTAINS", "SEARCH_VALUE": true, "AND": [ [ "SEARCH_FIELD": "Finding Type", "SEARCH_TYPE": "ARRAY_CONTAINS", "SEARCH_VALUE": true, "AND": [], "OR": [] ] ], "OR": [ [ "SEARCH_FIELD": "Finding Type", "SEARCH_TYPE": "ARRAY_CONTAINS", "SEARCH_VALUE": true, "AND": [], "OR": [] ] ] ] ] ], "triggers": [ "cicd": [ "actions": [ "blockCicd": true, "reportCicd": true, "reportIssue": true ], "isEnabled": true, "overrideIssueSeverity": "Critical" ], "ciImage": [ "actions": [ "blockCicd": true, "reportCicd": true, "reportIssue": true ], "isEnabled": true, "overrideIssueSeverity": "Critical" ], "imageRegistry": [ "actions": ["reportIssue": true], "isEnabled": true, "overrideIssueSeverity": "Critical" ], "periodic": [ "actions": ["reportIssue": true], "isEnabled": true, "overrideIssueSeverity": "Critical" ], "pr": [ "actions": [ "blockPr": true, "reportIssue": true, "reportPrComment": true ], "isEnabled": true, "overrideIssueSeverity": "Critical" ] ], "enabled": true, "assetGroupIds": [0.1], "suggestionId": "string", "userSbac": [0.1] ] as [String : Any] let postData = JSONSerialization.data(withJSONObject: parameters, options: []) let request = NSMutableURLRequest(url: NSURL(string: "https://api-yourfqdn/public_api/appsec/v1/policies")! as URL, cachePolicy: .useProtocolCachePolicy, timeoutInterval: 10.0) request.httpMethod = "POST" request.allHTTPHeaderFields = headers request.httpBody = postData as Data let session = URLSession.shared let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in if (error != nil) { print(error) } else { let httpResponse = response as? HTTPURLResponse print(httpResponse) } }) dataTask.resume()
<?php $curl = curl_init(); curl_setopt_array($curl, [ CURLOPT_URL => "https://api-yourfqdn/public_api/appsec/v1/policies", CURLOPT_RETURNTRANSFER => true, CURLOPT_ENCODING => "", CURLOPT_MAXREDIRS => 10, CURLOPT_TIMEOUT => 30, CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, CURLOPT_CUSTOMREQUEST => "POST", CURLOPT_POSTFIELDS => "{\"conditions\":{\"SEARCH_FIELD\":\"string\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}]}]},\"description\":\"string\",\"name\":\"string\",\"scope\":{\"SEARCH_FIELD\":\"string\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}]}]},\"triggers\":{\"cicd\":{\"actions\":{\"blockCicd\":true,\"reportCicd\":true,\"reportIssue\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"},\"ciImage\":{\"actions\":{\"blockCicd\":true,\"reportCicd\":true,\"reportIssue\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"},\"imageRegistry\":{\"actions\":{\"reportIssue\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"},\"periodic\":{\"actions\":{\"reportIssue\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"},\"pr\":{\"actions\":{\"blockPr\":true,\"reportIssue\":true,\"reportPrComment\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"}},\"enabled\":true,\"assetGroupIds\":[0.1],\"suggestionId\":\"string\",\"userSbac\":[0.1]}", CURLOPT_HTTPHEADER => [ "Authorization: your_api_key_here", "content-type: application/json", "x-xdr-auth-id: 1" ], ]); $response = curl_exec($curl); $err = curl_error($curl); curl_close($curl); if ($err) { echo "cURL Error #:" . $err; } else { echo $response; }
CURL *hnd = curl_easy_init(); curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "POST"); curl_easy_setopt(hnd, CURLOPT_URL, "https://api-yourfqdn/public_api/appsec/v1/policies"); struct curl_slist *headers = NULL; headers = curl_slist_append(headers, "Authorization: your_api_key_here"); headers = curl_slist_append(headers, "x-xdr-auth-id: 1"); headers = curl_slist_append(headers, "content-type: application/json"); curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers); curl_easy_setopt(hnd, CURLOPT_POSTFIELDS, "{\"conditions\":{\"SEARCH_FIELD\":\"string\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}]}]},\"description\":\"string\",\"name\":\"string\",\"scope\":{\"SEARCH_FIELD\":\"string\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}]}]},\"triggers\":{\"cicd\":{\"actions\":{\"blockCicd\":true,\"reportCicd\":true,\"reportIssue\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"},\"ciImage\":{\"actions\":{\"blockCicd\":true,\"reportCicd\":true,\"reportIssue\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"},\"imageRegistry\":{\"actions\":{\"reportIssue\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"},\"periodic\":{\"actions\":{\"reportIssue\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"},\"pr\":{\"actions\":{\"blockPr\":true,\"reportIssue\":true,\"reportPrComment\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"}},\"enabled\":true,\"assetGroupIds\":[0.1],\"suggestionId\":\"string\",\"userSbac\":[0.1]}"); CURLcode ret = curl_easy_perform(hnd);
var client = new RestClient("https://api-yourfqdn/public_api/appsec/v1/policies"); var request = new RestRequest(Method.POST); request.AddHeader("Authorization", "your_api_key_here"); request.AddHeader("x-xdr-auth-id", "1"); request.AddHeader("content-type", "application/json"); request.AddParameter("application/json", "{\"conditions\":{\"SEARCH_FIELD\":\"string\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}]}]},\"description\":\"string\",\"name\":\"string\",\"scope\":{\"SEARCH_FIELD\":\"string\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}]}]},\"triggers\":{\"cicd\":{\"actions\":{\"blockCicd\":true,\"reportCicd\":true,\"reportIssue\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"},\"ciImage\":{\"actions\":{\"blockCicd\":true,\"reportCicd\":true,\"reportIssue\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"},\"imageRegistry\":{\"actions\":{\"reportIssue\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"},\"periodic\":{\"actions\":{\"reportIssue\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"},\"pr\":{\"actions\":{\"blockPr\":true,\"reportIssue\":true,\"reportPrComment\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"}},\"enabled\":true,\"assetGroupIds\":[0.1],\"suggestionId\":\"string\",\"userSbac\":[0.1]}", ParameterType.RequestBody); IRestResponse response = client.Execute(request);
Body parameters
required
application/json

Define the Application Security policy.

Notes:

  • The policyType field is auto-assigned by the API based on the Finding Type in conditions, it is not set in the request body.
  • The conditions and scope fields are required. The scope can be set to {} for global scope.
conditionsobject

Defines the specific criteria (conditions) that will trigger the policy. You can combine multiple conditions to create complex rules for when the policy should be applied. If you combine multiple Finding Type values using OR, only the common fields across those types will be valid.

Note:

  • When used in AND, all conditions within this array must be met.
  • When used in OR, at least one condition within this array must be met.
  • Selecting Finding Type determines which condition fields you can configure. Each Finding Type supports a specific set of condition fields. To see which fields are allowed for each type, see the Supported Condition Fields table.