Update Batch Rule

Updates a specified batch rule.

HTTP Request

PUT /api/sonar/batch-rules/:guid

Request using cURL

The msg and query values are single-quoted so that the shell passes $dst_ip and the inner double quotes through unchanged, and --data-urlencode encodes the spaces and operators in each value.

curl -H "Authorization: Bearer <API_KEY>" \
     -d priority="LOW" \
     --data-urlencode name="Scan web vulnerabilities" \
     --data-urlencode schedule="*/10 * * * *" \
     --data-urlencode msg='Scan web vulnerabilities: $dst_ip' \
     --data-urlencode query='table duration=30m weblog | search status >= 400 | stats count as error_count, dc(path) as page_count, values(concat(method, " ", path)) as request by src_ip | eval request = strjoin("\n", request) | lof eps=0.1 error_count, page_count | search _lof > 1.5 | sort -_lof' \
     -X PUT \
     https://HOSTNAME/api/sonar/batch-rules/410fe6af-b2f8-4674-af70-8d5b12ddc3fe

Request Parameters

In the Required column, O marks a required parameter and X an optional one.

| Key | Required | Type | Description | Note |
|---|---|---|---|---|
| priority | O | String | Priority | LOW, MEDIUM, HIGH |
| guid | O | String | Batch rule GUID | 36 characters |
| name | O | String | Batch rule name | Minimum 1 to maximum 255 characters |
| description | X | String | Batch rule description | Maximum 2,000 characters |
| msg | O | String | Message template | Minimum 1 to maximum 2,000 characters |
| enabled | X | Boolean | Whether the rule is enabled or not | true or false |
| category_guid | X | String | Batch rule category GUID | 36 characters |
| schedule | O | String | Execution schedule | In CRON schedule format |
| duration | X | 32-bit integer | Time window of the data to be analyzed, based on the current time | In seconds. Maximum 31536000 seconds (365 days) |
| datetrunc | X | 32-bit integer | Time truncation | 1 or 60 or 3600 or 86400 (seconds) |
| dataset_guid | X | String | Dataset GUID | At least one of dataset_guid and query must be provided. 36 characters long |
| query | X | String | Detection query | Maximum 65,535 characters. At least one of dataset_guid and query must be provided. |
| address_group_guid | X | String | Address group GUID | 36 characters |
| address_field | X | String | Address field | Address group field name. Maximum 50 characters. |
| ticket_repo_guid | X | String | Ticket repository GUID | 36 characters. If not specified, a ticket is not generated. |
| ticket_assignee_guid | X | String | Ticket assignee GUID | If specified, the ticket is assigned automatically |
| ticket_suppress_interval | X | 32-bit integer | Suppression period for duplicated ticket in seconds | If set to 0 or not specified, duplicate tickets are not merged. |
| event_suppress_interval | X | 32-bit integer | Suppression period for duplicated event in seconds | If set to 0 or not specified, duplicate events are not merged. |
| suppress_key | X | String | Suppress key field | Maximum 2,000 characters. Macro in $field format available. |
| keep_alive | X | Boolean | Whether to keep the suppression timer alive | true to keep the timer alive, false to reset it. |
| audit_category_guid | X | String | Audit category GUID | If not specified, an auto audit request is not sent. 36 characters long |
| auditor_guid | X | String | Auditor GUID | 36 characters. If not specified, the department head is assigned as default. |
| audit_days | X | 32-bit integer | Audit due date | Minimum 1 to maximum 365 days |
| employee_key_field | X | String | Employee number field | Maximum 50 characters. If not specified, an auto audit request is not sent. |
| alarm_group_guid | X | String | Alarm group GUID | 36 characters |
| field_order | X | String | Evidence field output order | Maximum 2,000 characters |

Success Response

{}

Error Responses

Required argument is missing

HTTP status code 400

{
    "error_code": "null-argument",
    "error_msg": "schedule should be not null"
}

Invalid argument length

HTTP status code 400

{
    "error_code": "invalid-argument",
    "error_msg": "'address_field' must be shorter than or equal to 50 characters."
}

Invalid priority value

HTTP status code 400

{
    "error_code": "invalid-argument",
    "error_msg": "priority should be one of 'LOW', 'MEDIUM', 'HIGH'."
}

Identifier is not in valid GUID format

HTTP status code 400

{
    "error_code": "invalid-param-type",
    "error_msg": "category_guid should be guid type."
}

CRON expression is not valid

HTTP status code 400

{
    "error_code": "invalid-argument",
    "error_msg": "schedule has wrong cron expression format: * * * * * *"
}

Neither dataset nor query is specified

HTTP status code 400

{
    "error_code": "null-argument",
    "error_msg": "query should be not null"
}

Invalid value for datetrunc

HTTP status code 400

{
    "error_code": "invalid-argument",
    "error_msg": "datetrunc should be one of 1 (1 second), 60 (1 minute), 3600 (1 hour), 86400 (1 day)."
}

Batch rule is not found

HTTP status code 500

{
    "error_code": "illegal-state",
    "error_msg": "batch rule not found: 9071a6fe-6b91-4448-9761-7123381cb026"
}

No privilege to update the batch rule

HTTP status code 500

{
    "error_code": "illegal-state",
    "error_msg": "no-permission"
}
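
A client-side pre-flight check for a rule definition, as an added example that is not part of the original documentation or the product's own code: it applies the limits from the parameter table and returns every violation at once, using the error codes shown in the responses above. The function name, the GUID pattern, the five-field cron check (inferred from the rejected six-field example) and the sample rule are assumptions; the server remains the authority.

```python
import re

GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
GUID_KEYS = ("guid", "category_guid", "dataset_guid", "address_group_guid",
             "ticket_repo_guid", "ticket_assignee_guid", "audit_category_guid",
             "auditor_guid", "alarm_group_guid")
# key -> maximum length in characters, taken from the parameter table
MAX_LEN = {"name": 255, "description": 2000, "msg": 2000, "query": 65535,
           "address_field": 50, "suppress_key": 2000,
           "employee_key_field": 50, "field_order": 2000}
REQUIRED = ("priority", "guid", "name", "msg", "schedule")


def validate_batch_rule(rule):
    """Return a list of (error_code, message) tuples; empty means the rule passes."""
    errors = []
    for key in REQUIRED:
        if rule.get(key) in (None, ""):
            errors.append(("null-argument", f"{key} should be not null"))
    if not rule.get("dataset_guid") and not rule.get("query"):
        errors.append(("null-argument", "query should be not null"))
    if rule.get("priority") not in (None, "", "LOW", "MEDIUM", "HIGH"):
        errors.append(("invalid-argument", "priority should be one of 'LOW', 'MEDIUM', 'HIGH'."))
    for key in GUID_KEYS:
        if rule.get(key) and not GUID_RE.match(rule[key]):
            errors.append(("invalid-param-type", f"{key} should be guid type."))
    for key, limit in MAX_LEN.items():
        if rule.get(key) and len(rule[key]) > limit:
            errors.append(("invalid-argument", f"'{key}' must be shorter than or equal to {limit} characters."))
    # Assumption: a valid schedule has exactly five whitespace-separated fields.
    schedule = rule.get("schedule")
    if schedule and len(schedule.split()) != 5:
        errors.append(("invalid-argument", f"schedule has wrong cron expression format: {schedule}"))
    if rule.get("datetrunc") not in (None, 1, 60, 3600, 86400):
        errors.append(("invalid-argument", "datetrunc should be one of 1, 60, 3600, 86400."))
    if rule.get("duration") is not None and rule["duration"] > 31536000:
        errors.append(("invalid-argument", "duration must be at most 31536000 seconds."))
    if rule.get("audit_days") is not None and not 1 <= rule["audit_days"] <= 365:
        errors.append(("invalid-argument", "audit_days must be between 1 and 365."))
    return errors


# Constructed sample, based on the values in the cURL request above.
SAMPLE = {"guid": "410fe6af-b2f8-4674-af70-8d5b12ddc3fe", "priority": "LOW",
          "name": "Scan web vulnerabilities", "schedule": "*/10 * * * *",
          "msg": "Scan web vulnerabilities: $dst_ip",
          "query": "table duration=30m weblog | search status >= 400"}
if __name__ == "__main__":
    print(validate_batch_rule(SAMPLE))
```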