put
/public_api/appsec/v1/policies/{policyId}
Updates an existing Application Security policy by policy ID. Use this endpoint to modify the policy’s Conditions, Scope, Triggers or Actions.
Note: To block threats in the CI workflow, you must integrate the Cortex CLI into your pipeline.
Required license:
Cortex XSIAM Premium. In Cortex XSIAM Enterprise and Cortex NG SIEM, requires the Cortex Cloud Posture Management add-on. Not supported in XSIAM Enterprise Plus.
Path parameters
policyId
String
required
Unique identifier for the policy
Unique identifier for the policy
Example:
d4e5f6a7-b8c9-0123-def0-1234567890ab
Request headers
Authorization
String
required
{api_key}
{api_key}
Example:
your_api_key_here
x-xdr-auth-id
String
required
{api_key_id}
{api_key_id}
Example:
1
CLIENT REQUEST
curl -X 'PUT'
-H
'Accept: application/json'
-H
'Content-Type: application/json'
-H
'Authorization: your_api_key_here'
-H
'x-xdr-auth-id: 1'
'https://api-yourfqdn/public_api/appsec/v1/policies/{policyId}'
-d
'{
"userSbac" : [ 6.027456183070403, 6.027456183070403 ],
"suggestionId" : "suggestionId",
"scope" : {
"OR" : [ {
"OR" : [ null, null ],
"SEARCH_FIELD" : "Finding Type",
"AND" : [ null, null ],
"SEARCH_VALUE" : true
}, {
"OR" : [ null, null ],
"SEARCH_FIELD" : "Finding Type",
"AND" : [ null, null ],
"SEARCH_VALUE" : true
} ],
"SEARCH_FIELD" : "SEARCH_FIELD",
"AND" : [ {
"OR" : [ null, null ],
"SEARCH_FIELD" : "Finding Type",
"AND" : [ null, null ],
"SEARCH_VALUE" : true
}, {
"OR" : [ null, null ],
"SEARCH_FIELD" : "Finding Type",
"AND" : [ null, null ],
"SEARCH_VALUE" : true
} ]
},
"name" : "name",
"relatedDetectionRules" : [ "relatedDetectionRules", "relatedDetectionRules" ],
"description" : "description",
"assetGroupIds" : [ 0.8008281904610115, 0.8008281904610115 ],
"conditions" : {
"OR" : [ {
"OR" : [ null, null ],
"SEARCH_FIELD" : "Finding Type",
"AND" : [ null, null ],
"SEARCH_VALUE" : true
}, {
"OR" : [ null, null ],
"SEARCH_FIELD" : "Finding Type",
"AND" : [ null, null ],
"SEARCH_VALUE" : true
} ],
"SEARCH_FIELD" : "SEARCH_FIELD",
"AND" : [ {
"OR" : [ null, null ],
"SEARCH_FIELD" : "Finding Type",
"AND" : [ null, null ],
"SEARCH_VALUE" : true
}, {
"OR" : [ null, null ],
"SEARCH_FIELD" : "Finding Type",
"AND" : [ null, null ],
"SEARCH_VALUE" : true
} ],
"SEARCH_VALUE" : true
},
"triggers" : {
"pr" : {
"isEnabled" : true,
"actions" : {
"reportIssue" : true,
"blockPr" : true,
"reportPrComment" : true
},
"overrideIssueSeverity" : "Critical"
},
"imageRegistry" : {
"isEnabled" : true,
"actions" : {
"reportIssue" : true
},
"overrideIssueSeverity" : "Critical"
},
"periodic" : {
"isEnabled" : true,
"actions" : {
"reportIssue" : true
},
"overrideIssueSeverity" : "Critical"
},
"ciImage" : {
"isEnabled" : true,
"actions" : {
"reportIssue" : true,
"blockCicd" : true,
"reportCicd" : true
},
"overrideIssueSeverity" : "Critical"
},
"cicd" : {
"isEnabled" : true,
"actions" : {
"reportIssue" : true,
"blockCicd" : true,
"reportCicd" : true
},
"overrideIssueSeverity" : "Critical"
}
},
"enabled" : true
}'
import http.client
conn = http.client.HTTPSConnection("api-yourfqdn")
payload = "{\"name\":\"string\",\"description\":\"string\",\"conditions\":{\"SEARCH_FIELD\":\"string\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}]}]},\"scope\":{\"SEARCH_FIELD\":\"string\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}]}]},\"triggers\":{\"cicd\":{\"actions\":{\"blockCicd\":true,\"reportCicd\":true,\"reportIssue\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"},\"ciImage\":{\"actions\":{\"blockCicd\":true,\"reportCicd\":true,\"reportIssue\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"},\"imageRegistry\":{\"actions\":{\"reportIssue\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"},\"periodic\":{\"actions\":{\"reportIssue\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"},\"pr\":{\"actions\":{\"blockPr\":true,\"reportIssue\":true,\"reportPrComment\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"}},\"relatedDetectionRules\":[\"string\"],\"enabled\":true,\"suggestionId\":\"string\",\"assetGroupIds\":[0.1],\"userSbac\":[0.1]}"
headers = {
'Authorization': "your_api_key_here",
'x-xdr-auth-id': "1",
'content-type': "application/json"
}
conn.request("PUT", "/public_api/appsec/v1/policies/d4e5f6a7-b8c9-0123-def0-1234567890ab", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))require 'uri'
require 'net/http'
require 'openssl'
url = URI("https://api-yourfqdn/public_api/appsec/v1/policies/d4e5f6a7-b8c9-0123-def0-1234567890ab")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Put.new(url)
request["Authorization"] = 'your_api_key_here'
request["x-xdr-auth-id"] = '1'
request["content-type"] = 'application/json'
request.body = "{\"name\":\"string\",\"description\":\"string\",\"conditions\":{\"SEARCH_FIELD\":\"string\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}]}]},\"scope\":{\"SEARCH_FIELD\":\"string\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}]}]},\"triggers\":{\"cicd\":{\"actions\":{\"blockCicd\":true,\"reportCicd\":true,\"reportIssue\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"},\"ciImage\":{\"actions\":{\"blockCicd\":true,\"reportCicd\":true,\"reportIssue\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"},\"imageRegistry\":{\"actions\":{\"reportIssue\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"},\"periodic\":{\"actions\":{\"reportIssue\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"},\"pr\":{\"actions\":{\"blockPr\":true,\"reportIssue\":true,\"reportPrComment\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"}},\"relatedDetectionRules\":[\"string\"],\"enabled\":true,\"suggestionId\":\"string\",\"assetGroupIds\":[0.1],\"userSbac\":[0.1]}"
response = http.request(request)
puts response.read_bodyconst data = JSON.stringify({
"name": "string",
"description": "string",
"conditions": {
"SEARCH_FIELD": "string",
"SEARCH_TYPE": "ARRAY_CONTAINS",
"SEARCH_VALUE": true,
"AND": [
{
"SEARCH_FIELD": "Finding Type",
"SEARCH_TYPE": "ARRAY_CONTAINS",
"SEARCH_VALUE": true,
"AND": [
{
"SEARCH_FIELD": "Finding Type",
"SEARCH_TYPE": "ARRAY_CONTAINS",
"SEARCH_VALUE": true,
"AND": [
null
],
"OR": [
null
]
}
],
"OR": [
{
"SEARCH_FIELD": "Finding Type",
"SEARCH_TYPE": "ARRAY_CONTAINS",
"SEARCH_VALUE": true,
"AND": [
null
],
"OR": [
null
]
}
]
}
],
"OR": [
{
"SEARCH_FIELD": "Finding Type",
"SEARCH_TYPE": "ARRAY_CONTAINS",
"SEARCH_VALUE": true,
"AND": [
{
"SEARCH_FIELD": "Finding Type",
"SEARCH_TYPE": "ARRAY_CONTAINS",
"SEARCH_VALUE": true,
"AND": [
null
],
"OR": [
null
]
}
],
"OR": [
{
"SEARCH_FIELD": "Finding Type",
"SEARCH_TYPE": "ARRAY_CONTAINS",
"SEARCH_VALUE": true,
"AND": [
null
],
"OR": [
null
]
}
]
}
]
},
"scope": {
"SEARCH_FIELD": "string",
"SEARCH_TYPE": "ARRAY_CONTAINS",
"SEARCH_VALUE": true,
"AND": [
{
"SEARCH_FIELD": "Finding Type",
"SEARCH_TYPE": "ARRAY_CONTAINS",
"SEARCH_VALUE": true,
"AND": [
{
"SEARCH_FIELD": "Finding Type",
"SEARCH_TYPE": "ARRAY_CONTAINS",
"SEARCH_VALUE": true,
"AND": [
null
],
"OR": [
null
]
}
],
"OR": [
{
"SEARCH_FIELD": "Finding Type",
"SEARCH_TYPE": "ARRAY_CONTAINS",
"SEARCH_VALUE": true,
"AND": [
null
],
"OR": [
null
]
}
]
}
],
"OR": [
{
"SEARCH_FIELD": "Finding Type",
"SEARCH_TYPE": "ARRAY_CONTAINS",
"SEARCH_VALUE": true,
"AND": [
{
"SEARCH_FIELD": "Finding Type",
"SEARCH_TYPE": "ARRAY_CONTAINS",
"SEARCH_VALUE": true,
"AND": [
null
],
"OR": [
null
]
}
],
"OR": [
{
"SEARCH_FIELD": "Finding Type",
"SEARCH_TYPE": "ARRAY_CONTAINS",
"SEARCH_VALUE": true,
"AND": [
null
],
"OR": [
null
]
}
]
}
]
},
"triggers": {
"cicd": {
"actions": {
"blockCicd": true,
"reportCicd": true,
"reportIssue": true
},
"isEnabled": true,
"overrideIssueSeverity": "Critical"
},
"ciImage": {
"actions": {
"blockCicd": true,
"reportCicd": true,
"reportIssue": true
},
"isEnabled": true,
"overrideIssueSeverity": "Critical"
},
"imageRegistry": {
"actions": {
"reportIssue": true
},
"isEnabled": true,
"overrideIssueSeverity": "Critical"
},
"periodic": {
"actions": {
"reportIssue": true
},
"isEnabled": true,
"overrideIssueSeverity": "Critical"
},
"pr": {
"actions": {
"blockPr": true,
"reportIssue": true,
"reportPrComment": true
},
"isEnabled": true,
"overrideIssueSeverity": "Critical"
}
},
"relatedDetectionRules": [
"string"
],
"enabled": true,
"suggestionId": "string",
"assetGroupIds": [
0.1
],
"userSbac": [
0.1
]
});
const xhr = new XMLHttpRequest();
xhr.withCredentials = true;
xhr.addEventListener("readystatechange", function () {
if (this.readyState === this.DONE) {
console.log(this.responseText);
}
});
xhr.open("PUT", "https://api-yourfqdn/public_api/appsec/v1/policies/d4e5f6a7-b8c9-0123-def0-1234567890ab");
xhr.setRequestHeader("Authorization", "your_api_key_here");
xhr.setRequestHeader("x-xdr-auth-id", "1");
xhr.setRequestHeader("content-type", "application/json");
xhr.send(data);HttpResponse<String> response = Unirest.put("https://api-yourfqdn/public_api/appsec/v1/policies/d4e5f6a7-b8c9-0123-def0-1234567890ab")
.header("Authorization", "your_api_key_here")
.header("x-xdr-auth-id", "1")
.header("content-type", "application/json")
.body("{\"name\":\"string\",\"description\":\"string\",\"conditions\":{\"SEARCH_FIELD\":\"string\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}]}]},\"scope\":{\"SEARCH_FIELD\":\"string\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}]}]},\"triggers\":{\"cicd\":{\"actions\":{\"blockCicd\":true,\"reportCicd\":true,\"reportIssue\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"},\"ciImage\":{\"actions\":{\"blockCicd\":true,\"reportCicd\":true,\"reportIssue\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"},\"imageRegistry\":{\"actions\":{\"reportIssue\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"},\"periodic\":{\"actions\":{\"reportIssue\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"},\"pr\":{\"actions\":{\"blockPr\":true,\"reportIssue\":true,\"reportPrComment\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"}},\"relatedDetectionRules\":[\"string\"],\"enabled\":true,\"suggestionId\":\"string\",\"assetGroupIds\":[0.1],\"userSbac\":[0.1]}")
.asString();import Foundation
let headers = [
"Authorization": "your_api_key_here",
"x-xdr-auth-id": "1",
"content-type": "application/json"
]
let parameters = [
"name": "string",
"description": "string",
"conditions": [
"SEARCH_FIELD": "string",
"SEARCH_TYPE": "ARRAY_CONTAINS",
"SEARCH_VALUE": true,
"AND": [
[
"SEARCH_FIELD": "Finding Type",
"SEARCH_TYPE": "ARRAY_CONTAINS",
"SEARCH_VALUE": true,
"AND": [
[
"SEARCH_FIELD": "Finding Type",
"SEARCH_TYPE": "ARRAY_CONTAINS",
"SEARCH_VALUE": true,
"AND": [],
"OR": []
]
],
"OR": [
[
"SEARCH_FIELD": "Finding Type",
"SEARCH_TYPE": "ARRAY_CONTAINS",
"SEARCH_VALUE": true,
"AND": [],
"OR": []
]
]
]
],
"OR": [
[
"SEARCH_FIELD": "Finding Type",
"SEARCH_TYPE": "ARRAY_CONTAINS",
"SEARCH_VALUE": true,
"AND": [
[
"SEARCH_FIELD": "Finding Type",
"SEARCH_TYPE": "ARRAY_CONTAINS",
"SEARCH_VALUE": true,
"AND": [],
"OR": []
]
],
"OR": [
[
"SEARCH_FIELD": "Finding Type",
"SEARCH_TYPE": "ARRAY_CONTAINS",
"SEARCH_VALUE": true,
"AND": [],
"OR": []
]
]
]
]
],
"scope": [
"SEARCH_FIELD": "string",
"SEARCH_TYPE": "ARRAY_CONTAINS",
"SEARCH_VALUE": true,
"AND": [
[
"SEARCH_FIELD": "Finding Type",
"SEARCH_TYPE": "ARRAY_CONTAINS",
"SEARCH_VALUE": true,
"AND": [
[
"SEARCH_FIELD": "Finding Type",
"SEARCH_TYPE": "ARRAY_CONTAINS",
"SEARCH_VALUE": true,
"AND": [],
"OR": []
]
],
"OR": [
[
"SEARCH_FIELD": "Finding Type",
"SEARCH_TYPE": "ARRAY_CONTAINS",
"SEARCH_VALUE": true,
"AND": [],
"OR": []
]
]
]
],
"OR": [
[
"SEARCH_FIELD": "Finding Type",
"SEARCH_TYPE": "ARRAY_CONTAINS",
"SEARCH_VALUE": true,
"AND": [
[
"SEARCH_FIELD": "Finding Type",
"SEARCH_TYPE": "ARRAY_CONTAINS",
"SEARCH_VALUE": true,
"AND": [],
"OR": []
]
],
"OR": [
[
"SEARCH_FIELD": "Finding Type",
"SEARCH_TYPE": "ARRAY_CONTAINS",
"SEARCH_VALUE": true,
"AND": [],
"OR": []
]
]
]
]
],
"triggers": [
"cicd": [
"actions": [
"blockCicd": true,
"reportCicd": true,
"reportIssue": true
],
"isEnabled": true,
"overrideIssueSeverity": "Critical"
],
"ciImage": [
"actions": [
"blockCicd": true,
"reportCicd": true,
"reportIssue": true
],
"isEnabled": true,
"overrideIssueSeverity": "Critical"
],
"imageRegistry": [
"actions": ["reportIssue": true],
"isEnabled": true,
"overrideIssueSeverity": "Critical"
],
"periodic": [
"actions": ["reportIssue": true],
"isEnabled": true,
"overrideIssueSeverity": "Critical"
],
"pr": [
"actions": [
"blockPr": true,
"reportIssue": true,
"reportPrComment": true
],
"isEnabled": true,
"overrideIssueSeverity": "Critical"
]
],
"relatedDetectionRules": ["string"],
"enabled": true,
"suggestionId": "string",
"assetGroupIds": [0.1],
"userSbac": [0.1]
] as [String : Any]
let postData = JSONSerialization.data(withJSONObject: parameters, options: [])
let request = NSMutableURLRequest(url: NSURL(string: "https://api-yourfqdn/public_api/appsec/v1/policies/d4e5f6a7-b8c9-0123-def0-1234567890ab")! as URL,
cachePolicy: .useProtocolCachePolicy,
timeoutInterval: 10.0)
request.httpMethod = "PUT"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data
let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
if (error != nil) {
print(error)
} else {
let httpResponse = response as? HTTPURLResponse
print(httpResponse)
}
})
dataTask.resume()<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://api-yourfqdn/public_api/appsec/v1/policies/d4e5f6a7-b8c9-0123-def0-1234567890ab",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "PUT",
CURLOPT_POSTFIELDS => "{\"name\":\"string\",\"description\":\"string\",\"conditions\":{\"SEARCH_FIELD\":\"string\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}]}]},\"scope\":{\"SEARCH_FIELD\":\"string\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}]}]},\"triggers\":{\"cicd\":{\"actions\":{\"blockCicd\":true,\"reportCicd\":true,\"reportIssue\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"},\"ciImage\":{\"actions\":{\"blockCicd\":true,\"reportCicd\":true,\"reportIssue\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"},\"imageRegistry\":{\"actions\":{\"reportIssue\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"},\"periodic\":{\"actions\":{\"reportIssue\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"},\"pr\":{\"actions\":{\"blockPr\":true,\"reportIssue\":true,\"reportPrComment\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"}},\"relatedDetectionRules\":[\"string\"],\"enabled\":true,\"suggestionId\":\"string\",\"assetGroupIds\":[0.1],\"userSbac\":[0.1]}",
CURLOPT_HTTPHEADER => [
"Authorization: your_api_key_here",
"content-type: application/json",
"x-xdr-auth-id: 1"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}CURL *hnd = curl_easy_init();
curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "PUT");
curl_easy_setopt(hnd, CURLOPT_URL, "https://api-yourfqdn/public_api/appsec/v1/policies/d4e5f6a7-b8c9-0123-def0-1234567890ab");
struct curl_slist *headers = NULL;
headers = curl_slist_append(headers, "Authorization: your_api_key_here");
headers = curl_slist_append(headers, "x-xdr-auth-id: 1");
headers = curl_slist_append(headers, "content-type: application/json");
curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers);
curl_easy_setopt(hnd, CURLOPT_POSTFIELDS, "{\"name\":\"string\",\"description\":\"string\",\"conditions\":{\"SEARCH_FIELD\":\"string\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}]}]},\"scope\":{\"SEARCH_FIELD\":\"string\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}]}]},\"triggers\":{\"cicd\":{\"actions\":{\"blockCicd\":true,\"reportCicd\":true,\"reportIssue\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"},\"ciImage\":{\"actions\":{\"blockCicd\":true,\"reportCicd\":true,\"reportIssue\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"},\"imageRegistry\":{\"actions\":{\"reportIssue\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"},\"periodic\":{\"actions\":{\"reportIssue\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"},\"pr\":{\"actions\":{\"blockPr\":true,\"reportIssue\":true,\"reportPrComment\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"}},\"relatedDetectionRules\":[\"string\"],\"enabled\":true,\"suggestionId\":\"string\",\"assetGroupIds\":[0.1],\"userSbac\":[0.1]}");
CURLcode ret = curl_easy_perform(hnd);var client = new RestClient("https://api-yourfqdn/public_api/appsec/v1/policies/d4e5f6a7-b8c9-0123-def0-1234567890ab");
var request = new RestRequest(Method.PUT);
request.AddHeader("Authorization", "your_api_key_here");
request.AddHeader("x-xdr-auth-id", "1");
request.AddHeader("content-type", "application/json");
request.AddParameter("application/json", "{\"name\":\"string\",\"description\":\"string\",\"conditions\":{\"SEARCH_FIELD\":\"string\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}]}]},\"scope\":{\"SEARCH_FIELD\":\"string\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}],\"OR\":[{\"SEARCH_FIELD\":\"Finding Type\",\"SEARCH_TYPE\":\"ARRAY_CONTAINS\",\"SEARCH_VALUE\":true,\"AND\":[null],\"OR\":[null]}]}]},\"triggers\":{\"cicd\":{\"actions\":{\"blockCicd\":true,\"reportCicd\":true,\"reportIssue\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"},\"ciImage\":{\"actions\":{\"blockCicd\":true,\"reportCicd\":true,\"reportIssue\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"},\"imageRegistry\":{\"actions\":{\"reportIssue\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"},\"periodic\":{\"actions\":{\"reportIssue\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"},\"pr\":{\"actions\":{\"blockPr\":true,\"reportIssue\":true,\"reportPrComment\":true},\"isEnabled\":true,\"overrideIssueSeverity\":\"Critical\"}},\"relatedDetectionRules\":[\"string\"],\"enabled\":true,\"suggestionId\":\"string\",\"assetGroupIds\":[0.1],\"userSbac\":[0.1]}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);Body parameters
Partial_BasePolicyRequest
required
application/json
namestringA unique name for the AppSec policy.
A unique name for the AppSec policy.
descriptionstringA brief description of the AppSec policy's purpose.
A brief description of the AppSec policy's purpose.
conditionsobjectDefines the specific criteria (conditions) that will trigger the policy. You can combine multiple conditions to create complex rules for when the policy should be applied. If you combine multiple Finding Type values using OR, only the common fields across those types will be valid.
Note:
- When used in
AND, all conditions within this array must be met.
- When used in
OR, at least one condition within this array must be met.
- Selecting
Finding Type determines which condition fields you can configure. Each Finding Type supports a specific set of condition fields. To see which fields are allowed for each type, see the Supported Condition Fields table.
Defines the specific criteria (conditions) that will trigger the policy. You can combine multiple conditions to create complex rules for when the policy should be applied. If you combine multiple Finding Type values using OR, only the common fields across those types will be valid.
Note:
- When used in
AND, all conditions within this array must be met. - When used in
OR, at least one condition within this array must be met. - Selecting
Finding Typedetermines which condition fields you can configure. EachFinding Typesupports a specific set of condition fields. To see which fields are allowed for each type, see the Supported Condition Fields table.