Update Correlation Rule API
Use this API to update a correlation rule.
Input Parameters
Parameter | Mandatory/Optional | Data Type | Description |
---|---|---|---|
description | Optional | String | The description for the correlation rule. |
reviewers | Optional | String | A list of comma-separated user names to review the incidents created from the rule. |
approvalType | Optional | String | Approval type of the incident created by this rule. Allowed values: AUTOMATED or MANUAL. |
approvalStatus | Mandatory if approval type is Automated. | String | The approval status of the incident created by the rule. Allowed values: APPROVED, POLICY_VIOLATION, UNAPPROVED, NA. |
changeType | Mandatory if approval type is Automated. | String | Type of incidents created by the rule. Allowed values: MANUAL, AUTOMATED, COMPROMISE, OTHER. |
comment | Mandatory if approval type is Automated. | String | Comments for incidents created by the rule. |
dispositionCategory | Mandatory if approval type is Automated. | String | The category of the incident created by the rule. Allowed values: PATCHING, PRE_APPROVED_CHANGE_CONTROL, CONFIGURATION_CHANGE, HUMAN_ERROR, DATA_CORRUPTION, EMERGENCY_CHANGE, CHANGE_CONTROL_VIOLATION, GENERAL_HACKING, MALWARE. |
scheduleType | Optional | String | The schedule for the rule. Allowed values: ONETIME, DAILY, WEEKLY, MONTHLY. Note: This parameter cannot be updated from ONETIME to WEEKLY, MONTHLY, or DAILY, or from WEEKLY, MONTHLY, or DAILY to ONETIME. Also, a ONETIME rule cannot be updated after its end time is over. |
startTime | Optional | String | Time when the correlation rule must start. Format: HH:mm:ss. Note: The time must be specified in UTC. |
endTime | Mandatory if Schedule Type is selected as ONETIME | String | Time when the correlation rule should end. Format: HH:mm:ss. Note: The time must be specified in UTC. |
fixDate | Mandatory if Schedule Type is selected as ONETIME | String | The date on which the rule is executed. Format: yyyy-MM-dd. Note: The value must not be a past date. The date must be specified in UTC. |
dayOfMonth | Mandatory if Schedule Type is selected as MONTHLY | String | The days of the month on which the rule is executed. Allowed values: integer (1-31). |
days | Optional | String | For recurring weekly schedules, the list of days on which the rule is executed. Allowed values: integer (1-7), where Sunday is 1 and Saturday is 7. The default value is 1 (Sunday). |
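The conditional requirements in the table above can be checked on the client before the update is sent. The following is an added example, not Qualys code: `validate_update` and its `today` parameter are hypothetical names, it assumes multiple `days` or `dayOfMonth` values arrive as a comma-separated string, and it checks only the fields present in the payload itself.

```python
from datetime import datetime, timezone

# Allowed values copied from the parameter table above.
ENUMS = {
    "approvalType": {"AUTOMATED", "MANUAL"},
    "approvalStatus": {"APPROVED", "POLICY_VIOLATION", "UNAPPROVED", "NA"},
    "changeType": {"MANUAL", "AUTOMATED", "COMPROMISE", "OTHER"},
    "dispositionCategory": {
        "PATCHING", "PRE_APPROVED_CHANGE_CONTROL", "CONFIGURATION_CHANGE",
        "HUMAN_ERROR", "DATA_CORRUPTION", "EMERGENCY_CHANGE",
        "CHANGE_CONTROL_VIOLATION", "GENERAL_HACKING", "MALWARE"},
    "scheduleType": {"ONETIME", "DAILY", "WEEKLY", "MONTHLY"},
}
# Conditionally mandatory fields: (trigger field, trigger value) -> required fields.
REQUIRED_IF = {
    ("approvalType", "AUTOMATED"): ["approvalStatus", "changeType", "comment", "dispositionCategory"],
    ("scheduleType", "ONETIME"): ["endTime", "fixDate"],
    ("scheduleType", "MONTHLY"): ["dayOfMonth"],
}

def validate_update(payload, today=None):
    """Return a list of problems; an empty list means the documented checks pass."""
    today = today or datetime.now(timezone.utc).date()  # fixDate is compared in UTC
    errors = []
    for field, allowed in ENUMS.items():
        if field in payload and payload[field] not in allowed:
            errors.append(f"{field}: {payload[field]!r} is not an allowed value")
    for (field, value), required in REQUIRED_IF.items():
        if payload.get(field) == value:
            errors += [f"{r}: required when {field} is {value}" for r in required if not payload.get(r)]
    for field, fmt in (("startTime", "%H:%M:%S"), ("endTime", "%H:%M:%S"), ("fixDate", "%Y-%m-%d")):
        if field in payload:
            try:
                parsed = datetime.strptime(payload[field], fmt)
            except (TypeError, ValueError):
                errors.append(f"{field}: does not match the documented format")
                continue
            if field == "fixDate" and parsed.date() < today:
                errors.append("fixDate: must not be a past date (UTC)")
    for field, low, high in (("dayOfMonth", 1, 31), ("days", 1, 7)):
        if payload.get(field) is not None:
            try:  # assumption: several values are comma-separated, e.g. "1,15"
                ok = all(low <= int(n) <= high for n in str(payload[field]).split(","))
            except ValueError:
                ok = False
            if not ok:
                errors.append(f"{field}: values must be integers {low}-{high}")
    return errors
```
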
Sample: Update a correlation rule
API Request
```
curl -X POST \
  "<qualys_base_url>/fim/v3/autocorrelation/rules/{autoCorrelationRuleId}/update" \
  -H 'authorization: Bearer <token>' \
  -H 'content-type: application/json' \
  -d @request.json
```
Contents of request.json
```
{
  "fixDate": "2020-06-09",
  "endTime": "13:00:00",
  "startTime": "06:30:00",
  "description": "<DESCRIPTION>",
  "reviewers": [
    "<REVIEWER WHO UPDATED RULE>"
  ]
}
```
Response
```
{
  "customerId": "<CUSTOMER ID>",
  "id": "RULE ID",
  "ruleName": "Testing_reviewerField",
  "filterQuery": "action:Create",
  "description": "update description",
  "startTime": "06:30:00",
  "endTime": "13:00:00",
  "scheduleType": "ONETIME",
  "days": null,
  "fixDate": "2023-06-09",
  "changeType": "NORMAL_CHANGE",
  "dispositionCategory": "DISREGARD_OF_ORGANIZATIONAL_POLICY",
  "approvalType": "AUTOMATED",
  "approvalStatus": "PENDING",
  "reviewers": [
    "<REVIEWER NAME>",
    "<REVIEWER EMAIL ID>"
  ],
  "deleted": false,
  "status": "ACTIVATED",
  "dayOfMonth": null,
  "comment": "<COMMENT>",
  "createdById": "<USER ID>",
  "createdByName": "<USERNAME>",
  "createdDate": "2022-12-16T10:51:19.859+0000",
  "updatedById": "<USER ID>",
  "updatedByName": "<USERNAME>",
  "updatedDate": "2022-12-16T10:58:29.096+0000",
  "deletedById": null,
  "deletedByName": null,
  "deletedDate": null
}
```