Use this API to update a correlation rule.
Parameter | Mandatory/Optional | Data Type | Description |
---|---|---|---|
description | Optional | String | The description for the correlation rule. |
reviewers | Optional | String | A comma-separated list of user names to review the incidents created from the rule. |
approvalType | Optional | String | Approval type of the incident created by this rule. Allowed values: AUTOMATED or MANUAL. |
approvalStatus | Mandatory if approval type is Automated. | String | The approval status of the incident created by the rule. Allowed values: APPROVED, POLICY_VIOLATION, UNAPPROVED, NA. |
changeType | Mandatory if approval type is Automated. | String | Type of incidents created by the rule. Allowed values: MANUAL, AUTOMATED, COMPROMISE, OTHER. |
comment | Mandatory if approval type is Automated. | String | Comments for incidents created by the rule. |
dispositionCategory | Mandatory if approval type is Automated. | String | The category of the incident created by the rule. Allowed values: PATCHING, PRE_APPROVED_CHANGE_CONTROL, CONFIGURATION_CHANGE, HUMAN_ERROR, DATA_CORRUPTION, EMERGENCY_CHANGE, CHANGE_CONTROL_VIOLATION, GENERAL_HACKING, MALWARE. |
scheduleType | Optional | String | The schedule for the rule. Allowed values: ONETIME, DAILY, WEEKLY, MONTHLY. Note: This parameter cannot be updated from ONETIME to WEEKLY, MONTHLY, or DAILY, or from WEEKLY, MONTHLY, or DAILY to ONETIME. Also, a ONETIME rule cannot be updated after its end time has passed. |
startTime | Optional | String | Time when the correlation rule must start. Format: HH:mm:ss. Note: The time must be specified in UTC. |
endTime | Mandatory if Schedule Type is selected as ONETIME | String | Time when the correlation rule should end. Format: HH:mm:ss. Note: The time must be specified in UTC. |
fixDate | Mandatory if Schedule Type is selected as ONETIME | String | The date on which the rule is executed. Format: yyyy-MM-dd. Note: The value must not be a past date. The date must be specified in UTC. |
dayOfMonth | Mandatory if Schedule Type is selected as MONTHLY | String | The days of the month on which the rule is executed. Allowed values: integer (1-31). |
days | Optional | String | For recurring weekly schedules, the list of days on which the rule is executed. Allowed values: integer (1-7), where 1 is Sunday and 7 is Saturday. The default value is 1 (Sunday). |
API Request

```
curl -X POST \
  '<qualys_base_url>/fim/v3/autocorrelation/rules/{autoCorrelationRuleId}/update' \
  -H 'authorization: Bearer <token>' \
  -H 'content-type: application/json' \
  -d @request.json
```
Contents of request.json
```json
{
  "fixDate": "2020-06-09",
  "endTime": "13:00:00",
  "startTime": "06:30:00",
  "description": "<DESCRIPTION>",
  "reviewers": [
    "<REVIEWER WHO UPDATED RULE>"
  ]
}
```
Response
```json
{
  "customerId": "<CUSTOMER ID>",
  "id": "RULE ID",
  "ruleName": "Testing_reviewerField",
  "filterQuery": "action:Create",
  "description": "update description",
  "startTime": "06:30:00",
  "endTime": "13:00:00",
  "scheduleType": "ONETIME",
  "days": null,
  "fixDate": "2023-06-09",
  "changeType": "NORMAL_CHANGE",
  "dispositionCategory": "DISREGARD_OF_ORGANIZATIONAL_POLICY",
  "approvalType": "AUTOMATED",
  "approvalStatus": "PENDING",
  "reviewers": [
    "<REVIEWER NAME>",
    "<REVIEWER EMAIL ID>"
  ],
  "deleted": false,
  "status": "ACTIVATED",
  "dayOfMonth": null,
  "comment": "<COMMENT>",
  "createdById": "<USER ID>",
  "createdByName": "<USERNAME>",
  "createdDate": "2022-12-16T10:51:19.859+0000",
  "updatedById": "<USER ID>",
  "updatedByName": "<USERNAME>",
  "updatedDate": "2022-12-16T10:58:29.096+0000",
  "deletedById": null,
  "deletedByName": null,
  "deletedDate": null
}
```
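The conditional requirements in the parameter table can be checked on the client before `request.json` is sent, so that a rule update that silently weakens review (for example AUTOMATED approval without a status or category) is caught early. This is an added example, not Qualys code: `validate_update` and its `current_schedule` and `today` arguments are hypothetical names, and `dayOfMonth` is assumed to hold a single integer.

```python
import re
from datetime import date, datetime, timezone

# Allowed values copied from the parameter table above.
ENUMS = {
    "approvalType": {"AUTOMATED", "MANUAL"},
    "approvalStatus": {"APPROVED", "POLICY_VIOLATION", "UNAPPROVED", "NA"},
    "changeType": {"MANUAL", "AUTOMATED", "COMPROMISE", "OTHER"},
    "dispositionCategory": {
        "PATCHING", "PRE_APPROVED_CHANGE_CONTROL", "CONFIGURATION_CHANGE",
        "HUMAN_ERROR", "DATA_CORRUPTION", "EMERGENCY_CHANGE",
        "CHANGE_CONTROL_VIOLATION", "GENERAL_HACKING", "MALWARE"},
    "scheduleType": {"ONETIME", "DAILY", "WEEKLY", "MONTHLY"},
}
TIME_RE = re.compile(r"([01]\d|2[0-3]):[0-5]\d:[0-5]\d")  # HH:mm:ss

def validate_update(payload, current_schedule=None, today=None):
    """Return a list of problems (empty if none). current_schedule is the
    rule's existing scheduleType, supplied by the caller (hypothetical)."""
    errs = []
    today = today or datetime.now(timezone.utc).date()  # fixDate is judged in UTC
    for key, allowed in ENUMS.items():
        if key in payload and payload[key] not in allowed:
            errs.append(f"{key}: {payload[key]!r} is not an allowed value")
    if payload.get("approvalType") == "AUTOMATED":
        for key in ("approvalStatus", "changeType", "comment", "dispositionCategory"):
            if not payload.get(key):
                errs.append(f"{key}: mandatory when approvalType is AUTOMATED")
    sched = payload.get("scheduleType")
    if sched and current_schedule and (sched == "ONETIME") != (current_schedule == "ONETIME"):
        errs.append(f"scheduleType: cannot change {current_schedule} to {sched}")
    for key in ("startTime", "endTime"):
        if key in payload and not TIME_RE.fullmatch(str(payload[key])):
            errs.append(f"{key}: expected HH:mm:ss in UTC")
    if sched == "ONETIME":
        for key in ("endTime", "fixDate"):
            if not payload.get(key):
                errs.append(f"{key}: mandatory when scheduleType is ONETIME")
    if payload.get("fixDate"):
        try:
            if date.fromisoformat(str(payload["fixDate"])) < today:
                errs.append("fixDate: must not be a past date")
        except ValueError:
            errs.append("fixDate: expected yyyy-MM-dd")
    dom = payload.get("dayOfMonth")  # assumption: a single integer, not a list
    if sched == "MONTHLY" and not dom:
        errs.append("dayOfMonth: mandatory when scheduleType is MONTHLY")
    elif dom and not (str(dom).isdigit() and 1 <= int(dom) <= 31):
        errs.append("dayOfMonth: expected an integer 1-31")
    return errs
```

The check that a ONETIME rule's end time has already passed is not covered, because it depends on the rule's stored schedule rather than on the request body.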