Updates a specific runtime security policy.
Parameter | Mandatory/Optional | Data Type | Description |
---|---|---|---|
policyId | Mandatory | string | Specify the ID of the policy to update. |
name | Optional | string | Specify a name for the policy. |
description | Optional | string | Provide a description of your policy. |
policyMode | Mandatory | string | Use policyMode to specify the policy mode using a string value. Possible values: ACTIVE, INACTIVE, PERMISSIVE. Values are case sensitive. |
defaultNetworkAction | Mandatory | string | The default action when ruleType is NETWORK_OUTBOUND or NETWORK_INBOUND. Possible values: ALLOW or DENY. Values are case sensitive. |
defaultExecuteAction | Mandatory | string | The default action when ruleType is SYSCALL. Possible values: ALLOW or DENY. Values are case sensitive. |
defaultFileAction | Mandatory | string | The default action when ruleType is READ or WRITE. Possible values: ALLOW or DENY. Values are case sensitive. |
ignoredSyscalls | Optional | string | Define a list of system call names to ignore for this policy. No events will be created for ignored system calls even if there’s a policy rule match. Only valid system call names are allowed. Enter a list of values like this: ["sys_read", "sys_write"] |
rules | Optional | - | Policy rules defining controls for this policy specified within an array. See Rule Parameters. |
API request
```bash
# The JSON body is single-quoted so its inner double quotes reach the API intact.
curl --location --request PUT "<qualys_base_url>/csapi/v1.3/runtime/policies/5fb5e21f5caea20001fd27ce" \
  --header "Authorization: Bearer <token>" \
  --header "Content-Type: text/plain" \
  --data-raw '{
    "name": "Updated Policy Prevent Shadow Access To User",
    "created": "2020-11-10T08:14:22.509Z",
    "updated": "2020-11-10T08:14:22.509Z",
    "defaultNetworkAction": "ALLOW",
    "defaultExecuteAction": "ALLOW",
    "defaultFileAction": "ALLOW",
    "rules": [
      {
        "id": "5faa4bdeeda7de00015142c0",
        "name": "Deny access in cat /etc/shadow",
        "created": "0001-01-01T00:00:00Z",
        "updated": "0001-01-01T00:00:00Z",
        "inactive": false,
        "ruleType": "SYSCALL",
        "program": "*/cat",
        "action": "DENY",
        "file": "/etc/shadow",
        "port": 0,
        "ipAddress": "",
        "syscall": "sys_open",
        "arg1": "/etc/shadow",
        "arg2": "",
        "arg3": ""
      }
    ],
    "ignoredSyscalls": [],
    "policyMode": "ACTIVE",
    "description": "Example policy denies access to /etc/shadow from program cat"
  }'
```
Response
```json
{
  "id": "5fb5e21f5caea20001fd27ce",
  "name": "Updated Policy Prevent Shadow Access To User",
  "created": "2020-11-19T03:10:23.36Z",
  "updated": "2020-11-19T03:13:03.083Z",
  "defaultNetworkAction": "ALLOW",
  "defaultExecuteAction": "ALLOW",
  "defaultFileAction": "ALLOW",
  "rules": [
    {
      "id": "5faa4bdeeda7de00015142c0",
      "name": "Deny access in cat /etc/shadow",
      "created": "0001-01-01T00:00:00Z",
      "updated": "0001-01-01T00:00:00Z",
      "inactive": false,
      "ruleType": "SYSCALL",
      "program": "*/cat",
      "action": "DENY",
      "file": "/etc/shadow",
      "port": 0,
      "ipAddress": "",
      "syscall": "sys_open",
      "arg1": "/etc/shadow",
      "arg2": "",
      "arg3": ""
    }
  ],
  "ignoredSyscalls": [],
  "policyMode": "ACTIVE",
  "description": "Example policy denies access to /etc/shadow from program cat"
}
```
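A pre-flight check for the update body, as an added example (not Qualys code): it enforces the mandatory fields and case-sensitive values from the parameter table, and flags any rule whose system call is also listed in ignoredSyscalls, since such a rule would never produce events. The function name and the sample bodies are constructed for illustration.

```python
POLICY_MODES = {"ACTIVE", "INACTIVE", "PERMISSIVE"}
ACTIONS = {"ALLOW", "DENY"}
# Mandatory body fields from the parameter table and their allowed values.
ENUM_FIELDS = {
    "policyMode": POLICY_MODES,
    "defaultNetworkAction": ACTIONS,
    "defaultExecuteAction": ACTIONS,
    "defaultFileAction": ACTIONS,
}


def validate_policy_update(policy_id, body):
    """Return a list of problems; an empty list means the body fits the table."""
    problems = []
    if not isinstance(policy_id, str) or not policy_id:
        problems.append("policyId: mandatory, must be a non-empty string")
    for field, allowed in ENUM_FIELDS.items():
        value = body.get(field)
        if value is None:
            problems.append(f"{field}: mandatory field is missing")
        elif value not in allowed:
            case = isinstance(value, str) and value.upper() in allowed
            hint = " (values are case sensitive)" if case else ""
            problems.append(f"{field}: {value!r} is not allowed{hint}")
    ignored = body.get("ignoredSyscalls", [])
    if not isinstance(ignored, list) or not all(isinstance(s, str) for s in ignored):
        problems.append("ignoredSyscalls: must be a list of system call names")
        ignored = []
    # A rule on an ignored system call can match but never produces an event.
    for rule in body.get("rules", []):
        if rule.get("syscall") and rule["syscall"] in ignored:
            problems.append(f"rule {rule.get('name')!r}: {rule['syscall']} is in "
                            "ignoredSyscalls, so no events will be created")
    return problems


# Constructed sample bodies, modelled on the request shown on this page.
GOOD = {
    "name": "Updated Policy Prevent Shadow Access To User",
    "policyMode": "ACTIVE",
    "defaultNetworkAction": "ALLOW",
    "defaultExecuteAction": "ALLOW",
    "defaultFileAction": "ALLOW",
    "ignoredSyscalls": [],
    "rules": [{"name": "Deny access in cat /etc/shadow", "ruleType": "SYSCALL",
               "syscall": "sys_open", "action": "DENY"}],
}
BAD = dict(GOOD, policyMode="active", ignoredSyscalls=["sys_open"])
del BAD["defaultFileAction"]
```

Running the check in a deployment pipeline before the PUT catches a lowercase `policyMode` or an ignored system call that would silently blind a DENY rule.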