Update suspicious activities rule
This method updates an existing Suspicious Activity rule in the PTA server configuration.
URL
Make sure there are no spaces in the URL. The following characters are not supported in URL values: + & % |
The following values can be added in the URL. None of them are mandatory.
Resource information
| HTTP method | PUT |
| Content type | application/json |
Header parameter
| Parameter | Type | Description | Valid values |
|---|---|---|---|
| Authorization | String | The JWT token that identifies the session. | A session token that was returned from the “Logon” method. |
| Content-Type | JSON | | |
Body parameters
None
JSON Input
| Parameter | Type | Description |
|---|---|---|
| id | String | Unique string ID of the activity. Must be a valid positive number. |
| category | String | Categories of suspicious activities |
| regex | String | Suspicious activity expression in regex form. Must support all characters (including "/" and escaping characters). |
| score | Integer | Activity score. Number must be between 1 and 100. |
| description | String | Activity description. The field is mandatory but can be empty. |
| response | String | Automatic response to be executed |
| active | Boolean | Indicates if the command is active |
scope |
| Parameter | Type | Description |
|---|---|---|
| vaultUsers | String | Vault users scope for the configured suspicious activity |
| mode | String | Indicates whether the list of Vault users will be processed for Suspicious Activity detection |
| list | String Array | List of Vault users to be included or excluded for detection |
| accounts | String | Accounts scope for the configured suspicious activity |
| mode | String | Indicates whether the list of accounts will be processed for Suspicious Activity detection |
| list | String Array | List of accounts to be included or excluded for detection |
| machines | String | Machines scope for the configured suspicious activity |
| mode | String | Indicates whether the list of machines will be processed for Suspicious Activity detection |
| list | String Array | List of machines to be included or excluded for detection |
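
The following is an added example, not part of the original documentation or of the product's code: a pre-flight check that validates a rule body against the constraints listed above before it is sent. It assumes `scope` is a JSON object whose `vaultUsers`, `accounts` and `machines` entries each hold `mode` and `list`, treats `id`, `regex`, `score`, `description` and `active` as required, and uses Python's `re` as a stand-in for the server's regex dialect; `validate_rule`, `SCOPES` and `SAMPLE` are hypothetical names, and the `category`, `response` and `mode` values are placeholders.

```python
import re

SCOPES = ("vaultUsers", "accounts", "machines")  # scope entries named on the page

def validate_rule(rule):
    """Return the problems found in a rule body; an empty list means it passed."""
    errors = []
    rid = rule.get("id")
    if not (isinstance(rid, str) and rid.isascii() and rid.isdigit() and int(rid) > 0):
        errors.append("id: must be a string holding a positive number")
    score = rule.get("score")
    # bool is a subclass of int in Python, so reject it explicitly
    if isinstance(score, bool) or not isinstance(score, int) or not 1 <= score <= 100:
        errors.append("score: must be an integer between 1 and 100")
    if not isinstance(rule.get("description"), str):
        errors.append("description: mandatory string (may be empty)")
    if not isinstance(rule.get("active"), bool):
        errors.append("active: must be a boolean")
    regex = rule.get("regex")
    if not isinstance(regex, str) or not regex:
        errors.append("regex: must be a non-empty string")
    else:
        try:
            re.compile(regex)  # assumption: Python's re stands in for the server's dialect
        except re.error as exc:
            errors.append(f"regex: does not compile ({exc})")
    # Assumption: scope is an object keyed by the names in SCOPES, each entry
    # holding the "mode" string and "list" string array described on the page.
    scope = rule.get("scope", {})
    if not isinstance(scope, dict):
        return errors + ["scope: must be an object"]
    for name, entry in scope.items():
        if name not in SCOPES:
            errors.append(f"scope.{name}: unknown scope entry")
        elif not isinstance(entry, dict) or not isinstance(entry.get("mode"), str):
            errors.append(f"scope.{name}.mode: must be a string")
        elif not (isinstance(entry.get("list"), list)
                  and all(isinstance(x, str) for x in entry["list"])):
            errors.append(f"scope.{name}.list: must be an array of strings")
    return errors

# Constructed sample body; category, response and mode values are placeholders.
SAMPLE = {"id": "12", "category": "<category>", "regex": r"(.*)/etc/shadow(.*)",
          "score": 70, "description": "", "response": "<response>", "active": True,
          "scope": {"machines": {"mode": "<mode>", "list": ["host-a.example.test"]}}}

if __name__ == "__main__":
    print(validate_rule(SAMPLE) or "rule body passes the documented checks")
```

Running the check in the client before the PUT keeps malformed rules, such as an out-of-range score or a regex that does not compile, out of the detection configuration.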