Update Correlation Rule API

Use this API to update a correlation rule.

POST /fim/v3/autocorrelation/rules/{autoCorrelationRuleId}/update

Input Parameters

| Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| description | Optional | String | The description for the correlation rule. |
| reviewers | Optional | String | A list of comma-separated user names to review the incidents created from the rule. |
| approvalType | Optional | String | Approval Type of the Incident created by this rule. Allowed values: AUTOMATED or MANUAL |
| approvalStatus | Mandatory if approval type is Automated. | String | The approval status of the incident created by the rule. Allowed values: APPROVED, POLICY_VIOLATION, UNAPPROVED, NA. |
| changeType | Mandatory if approval type is Automated. | String | Type of Incidents created by the rule. Allowed values: MANUAL, AUTOMATED, COMPROMISE, OTHER. |
| comment | Mandatory if approval type is Automated. | String | Comments for Incidents created by rule. |
| dispositionCategory | Mandatory if approval type is Automated. | String | The category of the Incident created by the rule. Allowed values: PATCHING, PRE_APPROVED_CHANGE_CONTROL, CONFIGURATION_CHANGE, HUMAN_ERROR, DATA_CORRUPTION, EMERGENCY_CHANGE, CHANGE_CONTROL_VIOLATION, GENERAL_HACKING, MALWARE |
| scheduleType | Optional | String | The schedule for the rule. Allowed values: ONETIME, DAILY, WEEKLY, MONTHLY. Note: This parameter cannot be updated from ONETIME to WEEKLY, MONTHLY, DAILY or from WEEKLY, MONTHLY, DAILY to ONETIME. Also, ONETIME Rule cannot be updated after END time is over. |
| startTime | Optional | String | Time when the Correlation rule must start. Format: HH:mm:ss. Note: The time must be mentioned in UTC format. |
| endTime | Mandatory if Schedule Type is selected as ONETIME | String | Time when the Correlation rule should end. Format: HH:mm:ss. Note: The time must be mentioned in UTC format. |
| fixDate | Mandatory if Schedule Type is selected as ONETIME | String | The date on which the rule is executed. Format: yyyy-MM-dd. Note: Its value should not be past date. The date must be mentioned in UTC format. |
| dayOfMonth | Mandatory if Schedule Type is selected as MONTHLY | String | The days of the month on which rule is executed. Allowed values: integer (1-31). |
| days | Optional | String | For recurring weekly schedules, it is the list of days on which rule is executed. Allowed values: integer (1-7), where Sunday (1) and Saturday (7). The default value is 1 (Sunday). |

Sample

API Request

curl -X POST \
<qualys_base_url>/fim/v3/autocorrelation/rules/{autoCorrelationRuleId}/update \
-H 'authorization: Bearer <token>' \
-H 'content-type: application/json' \
-d @request.json

Contents of request.json

{
  "fixDate": "2020-06-09",
  "endTime": "13:00:00",
  "startTime": "06:30:00",
  "description": "<DESCRIPTION>",
  "reviewers": [
    "<REVIEWER WHO UPDATED RULE>"
  ]
}

Response

{
  "customerId": "<CUSTOMER ID>",
  "id": "RULE ID",
  "ruleName": "Testing_reviewerField",
  "filterQuery": "action:Create",
  "description": "update description",
  "startTime": "06:30:00",
  "endTime": "13:00:00",
  "scheduleType": "ONETIME",
  "days": null,
  "fixDate": "2023-06-09",
  "changeType": "NORMAL_CHANGE",
  "dispositionCategory": "DISREGARD_OF_ORGANIZATIONAL_POLICY",
  "approvalType": "AUTOMATED",
  "approvalStatus": "PENDING",
  "reviewers": [
    "<REVIEWER NAME>",
    "<REVIEWER EMAIL ID>"
  ],
  "deleted": false,
  "status": "ACTIVATED",
  "dayOfMonth": null,
  "comment": "<COMMENT>",
  "createdById": "<USER ID>",
  "createdByName": "<USERNAME>",
  "createdDate": "2022-12-16T10:51:19.859+0000",
  "updatedById": "<USER ID>",
  "updatedByName": "<USERNAME>",
  "updatedDate": "2022-12-16T10:58:29.096+0000",
  "deletedById": null,
  "deletedByName": null,
  "deletedDate": null
}
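
The conditional rules in the parameter table can be checked before a request body is sent. The following is an added example, not Qualys code: `validate_update`, its arguments and its error strings are hypothetical names, and two behaviours are assumptions marked in the comments (conditional requirements are checked only against values present in the request body, and `dayOfMonth` is read as one integer or a comma-separated list).

```python
import re
from datetime import datetime, timezone

# Allowed values copied from the parameter table above.
ENUMS = {
    "approvalType": {"AUTOMATED", "MANUAL"},
    "approvalStatus": {"APPROVED", "POLICY_VIOLATION", "UNAPPROVED", "NA"},
    "changeType": {"MANUAL", "AUTOMATED", "COMPROMISE", "OTHER"},
    "dispositionCategory": {
        "PATCHING", "PRE_APPROVED_CHANGE_CONTROL", "CONFIGURATION_CHANGE",
        "HUMAN_ERROR", "DATA_CORRUPTION", "EMERGENCY_CHANGE",
        "CHANGE_CONTROL_VIOLATION", "GENERAL_HACKING", "MALWARE"},
    "scheduleType": {"ONETIME", "DAILY", "WEEKLY", "MONTHLY"},
}
# Fields that become mandatory when the keyed field has the given value.
REQUIRED_IF = {
    ("approvalType", "AUTOMATED"): ("approvalStatus", "changeType", "comment", "dispositionCategory"),
    ("scheduleType", "ONETIME"): ("endTime", "fixDate"),
    ("scheduleType", "MONTHLY"): ("dayOfMonth",),
}
TIME_RE = re.compile(r"([01]\d|2[0-3]):[0-5]\d:[0-5]\d")  # HH:mm:ss

def validate_update(payload, current_schedule=None, today=None):
    """Return a list of problems; an empty list means the body matches the table."""
    today = today or datetime.now(timezone.utc).date()  # the page requires UTC dates
    errs = [f"{k}: {payload[k]!r} is not an allowed value"
            for k, allowed in ENUMS.items() if k in payload and payload[k] not in allowed]
    # Assumption: conditions are evaluated on values present in this request body only.
    for (field, value), needed in REQUIRED_IF.items():
        if payload.get(field) == value:
            errs += [f"{n}: required when {field} is {value}" for n in needed if not payload.get(n)]
    # ONETIME cannot become recurring and recurring cannot become ONETIME.
    new = payload.get("scheduleType")
    if new and current_schedule and (new == "ONETIME") != (current_schedule == "ONETIME"):
        errs.append(f"scheduleType: cannot change {current_schedule} to {new}")
    for key in ("startTime", "endTime"):
        if key in payload and not TIME_RE.fullmatch(str(payload[key])):
            errs.append(f"{key}: must be HH:mm:ss")
    if "fixDate" in payload:
        try:
            if datetime.strptime(payload["fixDate"], "%Y-%m-%d").date() < today:
                errs.append("fixDate: must not be a past date")
        except (TypeError, ValueError):
            errs.append("fixDate: must be yyyy-MM-dd")
    # Assumption: dayOfMonth is one integer or a comma-separated list of integers.
    if "dayOfMonth" in payload:
        parts = str(payload["dayOfMonth"]).split(",")
        if not all(p.strip().isdigit() and 1 <= int(p) <= 31 for p in parts):
            errs.append("dayOfMonth: each value must be an integer 1-31")
    return errs
```

Pass the rule's existing schedule as `current_schedule` so the ONETIME/recurring transition check can run. The check follows the parameter table only; the sample response above carries values (`NORMAL_CHANGE`, `PENDING`, `DISREGARD_OF_ORGANIZATIONAL_POLICY`) that the table does not list.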