provider Security Monitoring PUT /api/v2/security_monitoring/rules/{rule_id}
@utdk/datadog /api/v2/security_monitoring/rules/{rule_id}
Update an existing rule
Update an existing rule. When updating `cases`, `queries` or `options`, the whole field must be included. For example, when modifying a query all queries must be included. Default rules can only be updated to be enabled, to change notifications, or to update the tags (default tags cannot be removed).
rule_id path required
The ID of the rule.
string

updatesecuritymonitoringrule

Input

Calculated fields. Only allowed for scheduled rules - in other words, when schedulingOptions is also defined.

Cases for generating signals.

How to generate compliance signals. Useful for cloud_configuration rules only.

Custom/Overridden Message for generated signals (used in case of Default rule update).

Custom/Overridden name (used in case of Default rule update).

Additional queries to filter matched events before they are processed. This field is deprecated for log detection, signal correlation, and workload security rules.

Additional grouping to perform on top of the existing groups in the query section. Must be a subset of the existing groups.

Whether the notifications include the triggering group-by values in their title.

Whether the rule is enabled.

Message for generated signals.

Name of the rule.

Options.

Queries for selecting logs which are part of the rule.

Reference tables for the rule.

Options for scheduled rules. When this field is present, the rule runs based on the schedule. When absent, it runs real-time on ingested logs.

Tags for generated signals.

Cases for generating signals from third-party rules. Only available for third-party rules.

The version of the rule being updated.

Code snippet

TypeScript

import datadog from '@utdk/datadog';

await datadog.updatesecuritymonitoringrule()
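
The whole-field rule and the default-rule restriction from the description can be enforced client-side before the PUT is sent. This is an added example, not code from the original page or from the @utdk/datadog package: it builds a complete update body from a sparse edit and sends nothing over the network. The field names and the sample rule are assumptions based on Datadog's public rule schema.

```typescript
// Added example. Field names (isDefault, isEnabled, tags, cases[].notifications,
// queries[].query, version) are assumed from Datadog's public rule schema.
type Case = { status: string; condition?: string; notifications: string[] };
type Query = { name?: string; query: string };
type Rule = {
  isDefault: boolean; isEnabled: boolean; version: number; tags: string[];
  cases: Case[]; queries: Query[]; options: Record<string, unknown>;
};
// A sparse edit: indexes are positions in the current cases/queries arrays.
type Edit = {
  isEnabled?: boolean;
  addTags?: string[];
  notifications?: Record<number, string[]>; // case index -> new notification list
  queries?: Record<number, string>;         // query index -> new query string
  options?: Record<string, unknown>;        // option keys to overwrite
};
type UpdateBody = Omit<Rule, "isDefault">;

function checkIndexes(field: string, patch: Record<number, unknown> | undefined, length: number): void {
  for (const i of Object.keys(patch ?? {}).map(Number)) {
    if (!(i >= 0 && i < length && i % 1 === 0)) throw new Error(`${field}[${i}] does not exist`);
  }
}

function buildRuleUpdate(current: Rule, edit: Edit): UpdateBody {
  if (current.isDefault && (edit.queries !== undefined || edit.options !== undefined)) {
    throw new Error("default rule: only isEnabled, notifications and tags may change");
  }
  checkIndexes("cases", edit.notifications, current.cases.length);
  checkIndexes("queries", edit.queries, current.queries.length);
  return {
    version: current.version, // the version of the rule that was read
    isEnabled: edit.isEnabled ?? current.isEnabled,
    // Tags are only ever added here, so a default rule's tags are never dropped.
    tags: current.tags.concat((edit.addTags ?? [])
      .filter((t, i, all) => current.tags.indexOf(t) < 0 && all.indexOf(t) === i)),
    // Whole-field rule: every case and query is sent, edited or not.
    cases: current.cases.map((c, i) => ({ ...c, notifications: edit.notifications?.[i] ?? c.notifications })),
    queries: current.queries.map((q, i) => ({ ...q, query: edit.queries?.[i] ?? q.query })),
    options: { ...current.options, ...(edit.options ?? {}) },
  };
}

// Constructed sample rule, standing in for the result of a prior GET.
const sampleRule: Rule = {
  isDefault: true, isEnabled: true, version: 3, tags: ["source:cloudtrail"],
  cases: [{ status: "high", condition: "a > 0", notifications: ["@oncall"] },
          { status: "low", condition: "b > 5", notifications: [] }],
  queries: [{ name: "a", query: "@evt.name:StopLogging" }, { name: "b", query: "@evt.name:UpdateTrail" }],
  options: { evaluationWindow: 300 },
};
```

The returned object is the request body for the PUT; how it is passed to a particular client library depends on that library.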