Update Rules

You can update rules. In the request body, specify the details required to update a rule, such as the action ID, action name, action description, and the recipients the email should be sent to.

PUT   /rest/v1/rules/{ruleId}

Input Parameters

Parameter    Mandatory/Optional    Data Type    Description

ruleId       Mandatory             Integer      Specify the ID of the rule in the user’s scope.

ruleBody     Mandatory             Body         Specify the different elements needed in the request body for a rule. Refer to the following example for exact syntax.

{
  "actionRequests": [
    {
      "actionId": "string",
      "actionType": "qemail",
      "emailRecipients": [
        "string"
      ],
      "emailSubject": "string",
      "pagerSubjectLine": "string",
      "slackChannel": "string"
    }
  ],
  "aggregate": true,
  "aggregationKey": "string",
  "description": "string",
  "durationHour": 0,
  "fromHourInUTC": 0,
  "fromMinuteInUTC": 0,
  "name": "string",
  "qql": "string"
}

Where,

actionId: ID of the action you have defined.

actionType: type of the action to be implemented: qemail, pagerduty, or slack.

emailRecipients: valid email IDs of the recipients to whom the alert should be sent. You can provide multiple email IDs separated by commas.

Depending on the application mode you choose to send alerts, you may define either one or more elements:

emailSubject: subject of the email action

pagerSubjectLine: subject for alert using PagerDuty application

slackChannel: channel name to access Slack application

ruleSeverity Mandatory/Optional: Optional    Data Type: String    Description: Specify the rule severity as LOW, MEDIUM, HIGH, or NONE.

Sample - Update rules

API request

            
      curl -k -X PUT -u <username>:<password> \
      'https://<QualysBaseURL>/cloudview-api/rest/v1/rules/1a841990-5dff-11ea-a923-6b29e6c4cbec?ruleType=simple_alert'
      

Request PUT Data

            
      {
          "actionRequests": [
              {
                  "actionId": "b2af9830-5dfe-11ea-b157-8ba65cd99c15",
                  "actionType": "slack"
              }
          ],
          "aggregate": true,
          "aggregationKey": "region",
          "description": "Slack Public API Rule",
          "ruleSeverity": "MEDIUM",
          "durationHour": 0,
          "fromHourInUTC": 0,
          "fromMinuteInUTC": 0,
          "name": "Slack Api",
          "qql": "cid:99 and account.id:205767712438 and control.result:FAIL and firstEvaluated:[now-4M .. now]"
      }
      

Response

            
      {
          "success": "bd786210-9965-11e8-ab43-6187ace8f6e8"
      }
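
The following is an added example, not part of the original page or of Qualys code: a client-side check of the request body against the field names and allowed values listed above, followed by construction of the PUT request with the credentials carried in an Authorization header instead of on the command line. The function names, the requirement that actionRequests be non-empty with an actionId in each entry, and the Content-Type header are assumptions.

```python
import base64
import json
import urllib.parse
import urllib.request

# Field names and allowed values below are the ones listed on this page.
RULE_KEYS = {"actionRequests", "aggregate", "aggregationKey", "description", "durationHour",
             "fromHourInUTC", "fromMinuteInUTC", "name", "qql", "ruleSeverity"}
ACTION_KEYS = {"actionId", "actionType", "emailRecipients", "emailSubject",
               "pagerSubjectLine", "slackChannel"}
ACTION_TYPES = {"qemail", "pagerduty", "slack"}
SEVERITIES = {"LOW", "MEDIUM", "HIGH", "NONE"}


def validate_rule_body(body):
    """Return a list of problems found in a rule update body (empty list = OK)."""
    errors = [f"unknown field: {k}" for k in sorted(set(body) - RULE_KEYS)]
    if body.get("ruleSeverity", "NONE") not in SEVERITIES:  # ruleSeverity is optional
        errors.append(f"bad ruleSeverity: {body['ruleSeverity']}")
    actions = body.get("actionRequests")
    # Assumption: a rule needs at least one action, and every action an actionId.
    if not isinstance(actions, list) or not actions:
        return errors + ["actionRequests must be a non-empty list"]
    for i, action in enumerate(actions):
        errors += [f"actionRequests[{i}]: unknown field: {k}"
                   for k in sorted(set(action) - ACTION_KEYS)]
        if not action.get("actionId"):
            errors.append(f"actionRequests[{i}]: actionId missing")
        if action.get("actionType") not in ACTION_TYPES:
            errors.append(f"actionRequests[{i}]: bad actionType: {action.get('actionType')}")
    return errors


def build_update_request(base_url, rule_id, body, username, password,
                         rule_type="simple_alert"):
    """Build (do not send) the PUT request; raise ValueError on an invalid body."""
    errors = validate_rule_body(body)
    if errors:
        raise ValueError("; ".join(errors))
    url = (f"{base_url}/cloudview-api/rest/v1/rules/"
           f"{urllib.parse.quote(str(rule_id), safe='')}"
           f"?{urllib.parse.urlencode({'ruleType': rule_type})}")
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    # Assumption: the API expects a JSON content type; the page's curl shows no header.
    return urllib.request.Request(
        url, data=json.dumps(body).encode(), method="PUT",
        headers={"Authorization": f"Basic {token}", "Content-Type": "application/json"})
```

Passing the returned object to urllib.request.urlopen sends it with TLS certificate verification enabled, which is Python's default, whereas the -k option in the curl sample turns verification off.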