POST /analytics/rules/{id}
Updates only the owner or the enabled/disabled state of the rule.
MIME Type |
---|
application/json |
Parameter | Type | Optionality | Data Type | MIME Type | Description |
---|---|---|---|---|---|
id | path | Required | Number (Integer) | text/plain | null |
fields | header | Optional | String | text/plain | Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas. |
Parameter | Data Type | MIME Type | Description | Sample |
---|---|---|---|---|
rule | Object | application/json | Required - Rule object. | { "average_capacity": 42, "base_capacity": 42, "base_host_id": 42, "capacity_timestamp": 42, "creation_date": 42, "enabled": true, "id": 42, "identifier": "String", "linked_rule_identifier": "String", "modification_date": 42, "name": "String", "origin": "String <one of: SYSTEM, OVERRIDE, USER>", "owner": "String", "type": "String <one of: EVENT, FLOW, COMMON, OFFENSE>" } |
HTTP Response Code | Unique Code | Description |
---|---|---|
200 | | The rule was updated. |
403 | 1009 | You do not have the required capabilities to update the rule. |
404 | 1002 | The rule does not exist. |
409 | 1004 | The provided user does not have the required capabilities to own the rule. |
422 | 1005 | A request parameter is not valid. |
500 | 1020 | An error occurred during the attempt to update the rule. |
Response Description
- id - Long - The sequence ID of the rule.
- name - String - The name of the rule.
- type - String - The type of rule: EVENT, FLOW, COMMON, USER.
- enabled - Boolean - True if the rule is enabled.
- owner - String - The owner of the rule.
- origin - String - The origin of the rule: SYSTEM, OVERRIDE, USER.
- base_capacity - Long - The base capacity of the rule in events per second.
- base_host_id - Long - The ID of the host from which the rule's base capacity was determined.
- average_capacity - Long - The moving average capacity, in EPS, of the rule across all hosts.
- capacity_timestamp - Long - The epoch timestamp, in milliseconds, at which the rule's capacity values were last updated.
- identifier - String - The unique ID of the rule. This value is typically in the form of a UUID, with the exception of legacy system rules.
- linked_rule_identifier - String - The linked ID of the rule. This value is typically in the form of a UUID, with the exception of legacy system rules, and varies depending on the rule's origin as follows:
  - SYSTEM - The identifier value of the override rule, if one exists. If the system rule has not been overridden, the value will be null.
  - OVERRIDE - The identifier value of the system rule being overridden.
  - USER - The value will be null.
- creation_date - Long - The number of milliseconds since epoch when the rule was created.
- modification_date - Long - The number of milliseconds since epoch when the rule was last modified.
Response Sample
{
  "average_capacity": 42,
  "base_capacity": 42,
  "base_host_id": 42,
  "capacity_timestamp": 42,
  "creation_date": 42,
  "enabled": true,
  "id": 42,
  "identifier": "String",
  "linked_rule_identifier": "String",
  "modification_date": 42,
  "name": "String",
  "origin": "String <one of: SYSTEM, OVERRIDE, USER>",
  "owner": "String",
  "type": "String <one of: EVENT, FLOW, COMMON, OFFENSE>"
}
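The following client-side sketch is an added example, not code from this API's vendor. It builds the POST /analytics/rules/{id} request with only the two updatable fields, passes `fields` as a header as the parameter table specifies, and maps each documented status to its unique code. Assumptions: the host name, the `/api` prefix, the authentication header and the function names are constructed, and the server is assumed to accept a rule object that contains only the fields being changed.

```python
import json
import urllib.request

# HTTP status -> (unique code, meaning), copied from the response code table.
ERRORS = {
    403: (1009, "caller lacks the capabilities to update the rule"),
    404: (1002, "the rule does not exist"),
    409: (1004, "proposed owner lacks the capabilities to own the rule"),
    422: (1005, "a request parameter is not valid"),
    500: (1020, "error during the attempt to update the rule"),
}
MUTABLE = {"owner": str, "enabled": bool}  # the only fields this call updates


def build_update(base_url, rule_id, changes, auth_headers, fields=None):
    """Build the POST /analytics/rules/{id} request without sending it."""
    if type(rule_id) is not int or rule_id < 0:
        raise ValueError("id must be a non-negative integer")
    if not changes:
        raise ValueError("nothing to update")
    for key, value in changes.items():
        if key not in MUTABLE:
            raise ValueError(f"{key!r} cannot be changed through this endpoint")
        if type(value) is not MUTABLE[key]:
            raise ValueError(f"{key!r} must be {MUTABLE[key].__name__}")
    headers = {"Content-Type": "application/json", **auth_headers}
    if fields:
        headers["fields"] = fields  # 'fields' is a header parameter here
    return urllib.request.Request(
        f"{base_url.rstrip('/')}/analytics/rules/{rule_id}",
        data=json.dumps(changes).encode(), headers=headers, method="POST")


def check_response(status, body, changes):
    """Return the updated rule, or raise with the documented unique code."""
    if status != 200:
        code, meaning = ERRORS.get(status, (None, "undocumented status"))
        raise RuntimeError(f"HTTP {status} (unique code {code}): {meaning}")
    rule = json.loads(body)
    # Keys removed by a 'fields' filter are skipped, not treated as a mismatch.
    wrong = {k: rule[k] for k, v in changes.items() if k in rule and rule[k] != v}
    if wrong:
        raise RuntimeError(f"server did not apply the change: {wrong}")
    return rule


# Constructed values: host, /api prefix, auth header and owner name.
request = build_update("https://console.example/api", 42, {"owner": "analyst1"},
                       {"Authorization": "PLACEHOLDER"}, fields="id,owner")
```

Send the request with `urllib.request.urlopen(request)` and pass the status and body to `check_response`; a non-200 status arrives as `urllib.error.HTTPError`, whose `code` and `read()` supply the same two values.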