Update a Security Policy

Updates a specific runtime security policy.

PUT /csapi/v1.3/runtime/policies/{policyId}

Input Parameters

| Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| policyId | Mandatory | string | Specify the ID of the policy to update. |
| name | Optional | string | Specify a name for the policy. |
| description | Optional | string | Provide a description of your policy. |
| policyMode | Mandatory | string | Use policyMode to specify the policy mode using a string value. Possible values: ACTIVE, INACTIVE, PERMISSIVE. Values are case sensitive. |
| defaultNetworkAction | Mandatory | string | The default action when ruleType is NETWORK_OUTBOUND or NETWORK_INBOUND. Possible values: ALLOW or DENY. Values are case sensitive. |
| defaultExecuteAction | Mandatory | string | The default action when ruleType is SYSCALL. Possible values: ALLOW or DENY. Values are case sensitive. |
| defaultFileAction | Mandatory | string | The default action when ruleType is READ or WRITE. Possible values: ALLOW or DENY. Values are case sensitive. |
| ignoredSyscalls | Optional | string | Define a list of system call names to ignore for this policy. No events will be created for ignored system calls even if there’s a policy rule match. Only valid system call names are allowed. Enter a list of values like this: ["sys_read", "sys_write"] |
| rules | Optional | - | Policy rules defining controls for this policy specified within an array. See Rule Parameters. |

Sample

API request

    curl --location --request PUT "<qualys_base_url>/csapi/v1.3/runtime/policies/5fb5e21f5caea20001fd27ce" \
    --header "Authorization: Bearer <token>" \
    --header "Content-Type: text/plain" \
    --data-raw '{
        "name": "Updated Policy Prevent Shadow Access To User",
        "created": "2020-11-10T08:14:22.509Z",
        "updated": "2020-11-10T08:14:22.509Z",
        "defaultNetworkAction": "ALLOW",
        "defaultExecuteAction": "ALLOW",
        "defaultFileAction": "ALLOW",
        "rules": [
            {
                "id": "5faa4bdeeda7de00015142c0",
                "name": "Deny access in cat /etc/shadow",
                "created": "0001-01-01T00:00:00Z",
                "updated": "0001-01-01T00:00:00Z",
                "inactive": false,
                "ruleType": "SYSCALL",
                "program": "*/cat",
                "action": "DENY",
                "file": "/etc/shadow",
                "port": 0,
                "ipAddress": "",
                "syscall": "sys_open",
                "arg1": "/etc/shadow",
                "arg2": "",
                "arg3": ""
            }
        ],
        "ignoredSyscalls": [],
        "policyMode": "ACTIVE",
        "description": "Example policy denies access to /etc/shadow from program cat"
    }'

Response

    {
        "id": "5fb5e21f5caea20001fd27ce",
        "name": "Updated Policy Prevent Shadow Access To User",
        "created": "2020-11-19T03:10:23.36Z",
        "updated": "2020-11-19T03:13:03.083Z",
        "defaultNetworkAction": "ALLOW",
        "defaultExecuteAction": "ALLOW",
        "defaultFileAction": "ALLOW",
        "rules": [
            {
                "id": "5faa4bdeeda7de00015142c0",
                "name": "Deny access in cat /etc/shadow",
                "created": "0001-01-01T00:00:00Z",
                "updated": "0001-01-01T00:00:00Z",
                "inactive": false,
                "ruleType": "SYSCALL",
                "program": "*/cat",
                "action": "DENY",
                "file": "/etc/shadow",
                "port": 0,
                "ipAddress": "",
                "syscall": "sys_open",
                "arg1": "/etc/shadow",
                "arg2": "",
                "arg3": ""
            }
        ],
        "ignoredSyscalls": [],
        "policyMode": "ACTIVE",
        "description": "Example policy denies access to /etc/shadow from program cat"
    }
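
A client-side check of the request body against the input parameters documented on this page, run before the PUT is sent so that a wrong-case value such as `active` or a missing mandatory field is caught locally. This is an added example, not Qualys code: the function names and `BAD_BODY` are hypothetical, and the `Content-Type` header simply mirrors the sample request.

```python
import json
import urllib.request

# Allowed values as listed in the input parameters (case sensitive).
POLICY_MODES = {"ACTIVE", "INACTIVE", "PERMISSIVE"}
ACTIONS = {"ALLOW", "DENY"}
ACTION_FIELDS = ("defaultNetworkAction", "defaultExecuteAction", "defaultFileAction")

# Constructed sample: "active" is lower case, defaultFileAction is missing,
# and ignoredSyscalls is a bare string instead of a list.
BAD_BODY = {"policyMode": "active", "defaultNetworkAction": "ALLOW",
            "defaultExecuteAction": "DENY", "ignoredSyscalls": "sys_read"}


def validate_policy_update(body):
    """Return a list of problems; an empty list means the body passes."""
    errors = []
    mode = body.get("policyMode")
    if mode is None:
        errors.append("policyMode is mandatory")
    elif mode not in POLICY_MODES:
        errors.append(f"policyMode {mode!r} not in {sorted(POLICY_MODES)}")
    for field in ACTION_FIELDS:
        value = body.get(field)
        if value is None:
            errors.append(f"{field} is mandatory")
        elif value not in ACTIONS:
            errors.append(f"{field} {value!r} must be ALLOW or DENY")
    ignored = body.get("ignoredSyscalls", [])
    if not isinstance(ignored, list) or not all(isinstance(s, str) for s in ignored):
        errors.append("ignoredSyscalls must be a list of system call names")
    if not isinstance(body.get("rules", []), list):
        errors.append("rules must be an array")
    return errors


def build_update_request(base_url, token, policy_id, body):
    """Build (but do not send) the PUT request; raise if the body is invalid."""
    errors = validate_policy_update(body)
    if errors:
        raise ValueError("; ".join(errors))
    return urllib.request.Request(
        f"{base_url}/csapi/v1.3/runtime/policies/{policy_id}",
        data=json.dumps(body).encode("utf-8"),
        method="PUT",
        headers={"Authorization": f"Bearer {token}", "Content-Type": "text/plain"},
    )
```

Pass the returned object to `urllib.request.urlopen` to send it; the check does not verify that names in `ignoredSyscalls` are valid system calls.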

 

 
