POST /analytics/building_blocks/{id}

Updates the building block rule owner or enabled/disabled only.

Updates the building block rule owner or enabled/disabled only.

Table 1. POST /analytics/building_blocks/{id} resource details
MIME Type

application/json

Table 2. POST /analytics/building_blocks/{id} request parameter details
Parameter Type Optionality Data Type MIME Type Description

id

path

Required

Number (Integer)

text/plain

null

fields

header

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.
Table 3. POST /analytics/building_blocks/{id} request body details
Parameter Data Type MIME Type Description Sample

building_block

Object

application/json

null

{ "id": "1", "name": "String", "type": "String", "owner": "String" }
Table 4. POST /analytics/building_blocks/{id} response codes
HTTP Response Code Unique Code Description

200

The building block rule was updated.

403

1009

You do not have the required capabilities to update the building block rule.

404

1002

The building block rule does not exist.

409

1004

The provided user does not have the required capabilities to own the building block rule.

422

1005

A request parameter is not valid.

500

1020

An error occurred during the attempt to update the building block rule.

Response Description

The building block rule after it is updated. A building block rule object contains the following fields:
  • id - Long - The sequence ID of the building block rule.
  • name - String - The name of the building block rule.
  • building_block_type - String - The type of building block rule: EVENT, FLOW, COMMON, USER.
  • enabled - Boolean - True if the building block rule is enabled.
  • owner - String - The owner of the building block rule.
  • origin - String - The origin of the building block rule: SYSTEM, OVERRIDE, USER.
  • base_capacity - Long - The base capacity of the building block rule in events per second.
  • base_host_id - Long - The ID of the host from which the building block rule's base capacity was determined
  • average_capacity - Long - The moving average capacity, in EPS, of the building block rule across all hosts.
  • capacity_timestamp - Long - The epoch timestamp, in milliseconds, since the building block's capacity values were last updated.
  • identifier - String - The unique ID of the rule. This value is typically in the form of a UUID, with the exception of legacy system rules.
  • linked_rule_identifier - String - The linked ID of the rule. This value is typically in the form of a UUID, with the exception of legacy system rules, and varies depending on the rule's origin as follows:
    • SYSTEM - The identifier value of the override rule, if one exists. If the system rule has not been overridden, the value will be null.
    • OVERRIDE - The identifier value of the system rule being overridden.
    • USER - The value will be null.
  • creation_date - Long - The number of milliseconds since epoch when the rule was created.
  • modification_date - Long - The number of milliseconds since epoch when the rule was last modified.

Response Sample


{
    "average_capacity": 42,
    "base_capacity": 42,
    "base_host_id": 42,
    "capacity_timestamp": 42,
    "creation_date": 42,
    "enabled": true,
    "id": 42,
    "identifier": "String",
    "linked_rule_identifier": "String",
    "modification_date": 42,
    "name": "String",
    "origin": "String <one of: SYSTEM, OVERRIDE, USER>",
    "owner": "String",
    "type": "String <one of: EVENT, FLOW, COMMON, OFFENSE>"
}