POST /config/event_sources/custom_properties/property_cef_expressions/{expression_id}

Updates an existing Ariel property CEF expression.

Updates an existing Ariel property CEF expression.

Table 1. POST /config/event_sources/custom_properties/property_cef_expressions/{expression_id} resource details
MIME Type

application/json

Table 2. POST /config/event_sources/custom_properties/property_cef_expressions/{expression_id} request parameter details
Parameter Type Optionality Data Type MIME Type Description

expression_id

path

Required

Number (Integer)

text/plain

Required - The sequence ID of the Ariel property CEF expression.

fields

header

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.
Table 3. POST /config/event_sources/custom_properties/property_cef_expressions/{expression_id} request body details
Parameter Data Type MIME Type Description Sample

data

Object

application/json
Required - A CEF representation of the Ariel property CEF expression object.
  • regex_property_identifier - Optional - String - The identifier of the event regex property that this expression belongs to.
  • enabled - Optional - Boolean - Flag that indicates whether this expression is enabled.
  • expression - Optional - String - The CEF expression path to find the property value from the CEF payload.
  • payload - Optional - String - Test payload. This parameter is only used in the UI so that you can verify your expression matches the expected payload.
  • log_source_type_id - Optional - Integer - The expression is only applied to events for this log source type.
  • log_source_id - Optional - Integer - The expression is only applied to events for this log source (more specific than type alone).
  • qid - Optional - Integer - The expression is only applied to events associated with this QID record.
  • low_level_category_id - Optional - Integer - The expression is only applied to events with this low level category.
  • username - Optional - String - The owner of the Ariel property CEF expression. If the input username is an authorized service, the prefix "API_token: " is required.

{ "creation_date": 42, "enabled": true, "expression": "String", "id": 42, "identifier": "String", "log_source_id": 42, "log_source_type_id": 42, "low_level_category_id": 42, "modification_date": 42, "payload": "String", "qid": 42, "regex_property_identifier": "String", "username": "String" }
Table 4. POST /config/event_sources/custom_properties/property_cef_expressions/{expression_id} response codes
HTTP Response Code Unique Code Description

200

The ariel property CEF expression was updated.

403

1009

The user cannot update the resource because it only can be updated by the owner or admin user.

404

1002

The requested ariel property cef expression cannot be found.

422

1005

One or more parameters are invalid in request.

500

1020

An error occurred during the attempt to update an ariel property cef expression.

Response Description

The updated Ariel property CEF expression object contains the following fields:
  • id - Integer - The sequence ID of the Ariel property CEF expression.
  • identifier - String - The ID of the Ariel property CEF expression.
  • regex_property_identifier - String - The identifier of the event regex property that this expression belongs to.
  • enabled - Boolean - Flag that indicates whether this expression is enabled.
  • expression - String - The CEF expression path to find the property value from the CEF payload.
  • payload - String - Test payload. This parameter is only used in the UI so that you can verify your expression matches the expected payload.
  • log_source_type_id - Integer - The expression is only applied to events for this log source type.
  • log_source_id - Integer - The expression is only applied to events for this log source (more specific than type alone).
  • qid - Integer - The expression is only applied to events associated with this QID record.
  • low_level_category_id - Integer - The expression is only applied to events with this low level category.
  • username - String - The owner of the Ariel property CEF expression.

Response Sample


{
    "creation_date": 42,
    "enabled": true,
    "expression": "String",
    "id": 42,
    "identifier": "String",
    "log_source_id": 42,
    "log_source_type_id": 42,
    "low_level_category_id": 42,
    "modification_date": 42,
    "payload": "String",
    "qid": 42,
    "regex_property_identifier": "String",
    "username": "String"
}