diff --git a/.apigentools-info b/.apigentools-info index ee3b5d1a41dfa..5229d8c0c2b56 100644 --- a/.apigentools-info +++ b/.apigentools-info @@ -4,13 +4,13 @@ "spec_versions": { "v1": { "apigentools_version": "1.6.6", - "regenerated": "2025-06-17 18:24:17.637707", - "spec_repo_commit": "b1a1c000" + "regenerated": "2025-06-18 09:44:54.032445", + "spec_repo_commit": "b6151f30" }, "v2": { "apigentools_version": "1.6.6", - "regenerated": "2025-06-17 18:24:26.946951", - "spec_repo_commit": "b1a1c000" + "regenerated": "2025-06-18 09:45:03.480594", + "spec_repo_commit": "b6151f30" } } } \ No newline at end of file diff --git a/content/en/api/v2/csm-threats/examples.json b/content/en/api/v2/csm-threats/examples.json index 74300d238f531..5e54749afff10 100644 --- a/content/en/api/v2/csm-threats/examples.json +++ b/content/en/api/v2/csm-threats/examples.json @@ -9,6 +9,7 @@ "actions": [ { "filter": "string", + "hash": {}, "kill": { "signal": "string" }, @@ -60,7 +61,7 @@ } ] }, - "html": "
\n
\n
\n
\n

data

\n
\n

[object]

\n

A list of Agent rules objects

\n
\n
\n
\n
\n
\n

attributes

\n
\n

object

\n

A Cloud Workload Security Agent rule returned by the API

\n
\n
\n
\n
\n
\n

actions

\n
\n

[object]

\n

The array of actions the rule can perform if triggered

\n
\n
\n
\n
\n
\n

filter

\n
\n

string

\n

SECL expression used to target the container to apply the action on

\n
\n \n
\n
\n
\n
\n
\n

kill

\n
\n

object

\n

Kill system call applied on the container matching the rule

\n
\n
\n
\n
\n
\n

signal

\n
\n

string

\n

Supported signals for the kill system call

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

metadata

\n
\n

object

\n

The metadata action applied on the scope matching the rule

\n
\n
\n
\n
\n
\n

image_tag

\n
\n

string

\n

The image tag of the metadata action

\n
\n \n
\n
\n
\n
\n
\n

service

\n
\n

string

\n

The service of the metadata action

\n
\n \n
\n
\n
\n
\n
\n

short_image

\n
\n

string

\n

The short image of the metadata action

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

set

\n
\n

object

\n

The set action applied on the scope matching the rule

\n
\n
\n
\n
\n
\n

append

\n
\n

boolean

\n

Whether the value should be appended to the field

\n
\n \n
\n
\n
\n
\n
\n

field

\n
\n

string

\n

The field of the set action

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the set action

\n
\n \n
\n
\n
\n
\n
\n

scope

\n
\n

string

\n

The scope of the set action

\n
\n \n
\n
\n
\n
\n
\n

size

\n
\n

int64

\n

The size of the set action

\n
\n \n
\n
\n
\n
\n
\n

ttl

\n
\n

int64

\n

The time to live of the set action

\n
\n \n
\n
\n
\n
\n
\n

value

\n
\n

string

\n

The value of the set action

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n

agentConstraint

\n
\n

string

\n

The version of the Agent

\n
\n \n
\n
\n
\n
\n
\n

blocking

\n
\n

[string]

\n

The blocking policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

category

\n
\n

string

\n

The category of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

creationAuthorUuId

\n
\n

string

\n

The ID of the user who created the rule

\n
\n \n
\n
\n
\n
\n
\n

creationDate

\n
\n

int64

\n

When the Agent rule was created, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

creator

\n
\n

object

\n

The attributes of the user who created the Agent rule

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

defaultRule

\n
\n

boolean

\n

Whether the rule is included by default

\n
\n \n
\n
\n
\n
\n
\n

description

\n
\n

string

\n

The description of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

disabled

\n
\n

[string]

\n

The disabled policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

enabled

\n
\n

boolean

\n

Whether the Agent rule is enabled

\n
\n \n
\n
\n
\n
\n
\n

expression

\n
\n

string

\n

The SECL expression of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

filters

\n
\n

[string]

\n

The platforms the Agent rule is supported on

\n
\n \n
\n
\n
\n
\n
\n

monitoring

\n
\n

[string]

\n

The monitoring policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

product_tags

\n
\n

[string]

\n

The list of product tags associated with the rule

\n
\n \n
\n
\n
\n
\n
\n

updateAuthorUuId

\n
\n

string

\n

The ID of the user who updated the rule

\n
\n \n
\n
\n
\n
\n
\n

updateDate

\n
\n

int64

\n

Timestamp in milliseconds when the Agent rule was last updated

\n
\n \n
\n
\n
\n
\n
\n

updatedAt

\n
\n

int64

\n

When the Agent rule was last updated, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

updater

\n
\n

object

\n

The attributes of the user who last updated the Agent rule

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

version

\n
\n

int64

\n

The version of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

id

\n
\n

string

\n

The ID of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

type

\n
\n

enum

\n

The type of the resource, must always be agent_rule \nAllowed enum values: agent_rule

default: agent_rule

\n
\n \n
\n
\n
\n
" + "html": "
\n
\n
\n
\n

data

\n
\n

[object]

\n

A list of Agent rules objects

\n
\n
\n
\n
\n
\n

attributes

\n
\n

object

\n

A Cloud Workload Security Agent rule returned by the API

\n
\n
\n
\n
\n
\n

actions

\n
\n

[object]

\n

The array of actions the rule can perform if triggered

\n
\n
\n
\n
\n
\n

filter

\n
\n

string

\n

SECL expression used to target the container to apply the action on

\n
\n \n
\n
\n
\n
\n
\n

hash

\n
\n

object

\n

An empty object indicating the hash action

\n
\n \n
\n
\n
\n
\n
\n

kill

\n
\n

object

\n

Kill system call applied on the container matching the rule

\n
\n
\n
\n
\n
\n

signal

\n
\n

string

\n

Supported signals for the kill system call

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

metadata

\n
\n

object

\n

The metadata action applied on the scope matching the rule

\n
\n
\n
\n
\n
\n

image_tag

\n
\n

string

\n

The image tag of the metadata action

\n
\n \n
\n
\n
\n
\n
\n

service

\n
\n

string

\n

The service of the metadata action

\n
\n \n
\n
\n
\n
\n
\n

short_image

\n
\n

string

\n

The short image of the metadata action

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

set

\n
\n

object

\n

The set action applied on the scope matching the rule

\n
\n
\n
\n
\n
\n

append

\n
\n

boolean

\n

Whether the value should be appended to the field

\n
\n \n
\n
\n
\n
\n
\n

field

\n
\n

string

\n

The field of the set action

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the set action

\n
\n \n
\n
\n
\n
\n
\n

scope

\n
\n

string

\n

The scope of the set action

\n
\n \n
\n
\n
\n
\n
\n

size

\n
\n

int64

\n

The size of the set action

\n
\n \n
\n
\n
\n
\n
\n

ttl

\n
\n

int64

\n

The time to live of the set action

\n
\n \n
\n
\n
\n
\n
\n

value

\n
\n

string

\n

The value of the set action

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n

agentConstraint

\n
\n

string

\n

The version of the Agent

\n
\n \n
\n
\n
\n
\n
\n

blocking

\n
\n

[string]

\n

The blocking policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

category

\n
\n

string

\n

The category of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

creationAuthorUuId

\n
\n

string

\n

The ID of the user who created the rule

\n
\n \n
\n
\n
\n
\n
\n

creationDate

\n
\n

int64

\n

When the Agent rule was created, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

creator

\n
\n

object

\n

The attributes of the user who created the Agent rule

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

defaultRule

\n
\n

boolean

\n

Whether the rule is included by default

\n
\n \n
\n
\n
\n
\n
\n

description

\n
\n

string

\n

The description of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

disabled

\n
\n

[string]

\n

The disabled policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

enabled

\n
\n

boolean

\n

Whether the Agent rule is enabled

\n
\n \n
\n
\n
\n
\n
\n

expression

\n
\n

string

\n

The SECL expression of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

filters

\n
\n

[string]

\n

The platforms the Agent rule is supported on

\n
\n \n
\n
\n
\n
\n
\n

monitoring

\n
\n

[string]

\n

The monitoring policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

product_tags

\n
\n

[string]

\n

The list of product tags associated with the rule

\n
\n \n
\n
\n
\n
\n
\n

updateAuthorUuId

\n
\n

string

\n

The ID of the user who updated the rule

\n
\n \n
\n
\n
\n
\n
\n

updateDate

\n
\n

int64

\n

Timestamp in milliseconds when the Agent rule was last updated

\n
\n \n
\n
\n
\n
\n
\n

updatedAt

\n
\n

int64

\n

When the Agent rule was last updated, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

updater

\n
\n

object

\n

The attributes of the user who last updated the Agent rule

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

version

\n
\n

int64

\n

The version of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

id

\n
\n

string

\n

The ID of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

type

\n
\n

enum

\n

The type of the resource, must always be agent_rule \nAllowed enum values: agent_rule

default: agent_rule

\n
\n \n
\n
\n
\n
" }, "403": { "json": { @@ -94,6 +95,7 @@ "actions": [ { "filter": "string", + "hash": {}, "kill": { "signal": "string" }, @@ -144,7 +146,7 @@ "type": "agent_rule" } }, - "html": "
\n
\n
\n
\n

data

\n
\n

object

\n

Object for a single Agent rule

\n
\n
\n
\n
\n
\n

attributes

\n
\n

object

\n

A Cloud Workload Security Agent rule returned by the API

\n
\n
\n
\n
\n
\n

actions

\n
\n

[object]

\n

The array of actions the rule can perform if triggered

\n
\n
\n
\n
\n
\n

filter

\n
\n

string

\n

SECL expression used to target the container to apply the action on

\n
\n \n
\n
\n
\n
\n
\n

kill

\n
\n

object

\n

Kill system call applied on the container matching the rule

\n
\n
\n
\n
\n
\n

signal

\n
\n

string

\n

Supported signals for the kill system call

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

metadata

\n
\n

object

\n

The metadata action applied on the scope matching the rule

\n
\n
\n
\n
\n
\n

image_tag

\n
\n

string

\n

The image tag of the metadata action

\n
\n \n
\n
\n
\n
\n
\n

service

\n
\n

string

\n

The service of the metadata action

\n
\n \n
\n
\n
\n
\n
\n

short_image

\n
\n

string

\n

The short image of the metadata action

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

set

\n
\n

object

\n

The set action applied on the scope matching the rule

\n
\n
\n
\n
\n
\n

append

\n
\n

boolean

\n

Whether the value should be appended to the field

\n
\n \n
\n
\n
\n
\n
\n

field

\n
\n

string

\n

The field of the set action

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the set action

\n
\n \n
\n
\n
\n
\n
\n

scope

\n
\n

string

\n

The scope of the set action

\n
\n \n
\n
\n
\n
\n
\n

size

\n
\n

int64

\n

The size of the set action

\n
\n \n
\n
\n
\n
\n
\n

ttl

\n
\n

int64

\n

The time to live of the set action

\n
\n \n
\n
\n
\n
\n
\n

value

\n
\n

string

\n

The value of the set action

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n

agentConstraint

\n
\n

string

\n

The version of the Agent

\n
\n \n
\n
\n
\n
\n
\n

blocking

\n
\n

[string]

\n

The blocking policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

category

\n
\n

string

\n

The category of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

creationAuthorUuId

\n
\n

string

\n

The ID of the user who created the rule

\n
\n \n
\n
\n
\n
\n
\n

creationDate

\n
\n

int64

\n

When the Agent rule was created, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

creator

\n
\n

object

\n

The attributes of the user who created the Agent rule

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

defaultRule

\n
\n

boolean

\n

Whether the rule is included by default

\n
\n \n
\n
\n
\n
\n
\n

description

\n
\n

string

\n

The description of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

disabled

\n
\n

[string]

\n

The disabled policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

enabled

\n
\n

boolean

\n

Whether the Agent rule is enabled

\n
\n \n
\n
\n
\n
\n
\n

expression

\n
\n

string

\n

The SECL expression of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

filters

\n
\n

[string]

\n

The platforms the Agent rule is supported on

\n
\n \n
\n
\n
\n
\n
\n

monitoring

\n
\n

[string]

\n

The monitoring policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

product_tags

\n
\n

[string]

\n

The list of product tags associated with the rule

\n
\n \n
\n
\n
\n
\n
\n

updateAuthorUuId

\n
\n

string

\n

The ID of the user who updated the rule

\n
\n \n
\n
\n
\n
\n
\n

updateDate

\n
\n

int64

\n

Timestamp in milliseconds when the Agent rule was last updated

\n
\n \n
\n
\n
\n
\n
\n

updatedAt

\n
\n

int64

\n

When the Agent rule was last updated, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

updater

\n
\n

object

\n

The attributes of the user who last updated the Agent rule

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

version

\n
\n

int64

\n

The version of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

id

\n
\n

string

\n

The ID of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

type

\n
\n

enum

\n

The type of the resource, must always be agent_rule \nAllowed enum values: agent_rule

default: agent_rule

\n
\n \n
\n
\n
\n
" + "html": "
\n
\n
\n
\n

data

\n
\n

object

\n

Object for a single Agent rule

\n
\n
\n
\n
\n
\n

attributes

\n
\n

object

\n

A Cloud Workload Security Agent rule returned by the API

\n
\n
\n
\n
\n
\n

actions

\n
\n

[object]

\n

The array of actions the rule can perform if triggered

\n
\n
\n
\n
\n
\n

filter

\n
\n

string

\n

SECL expression used to target the container to apply the action on

\n
\n \n
\n
\n
\n
\n
\n

hash

\n
\n

object

\n

An empty object indicating the hash action

\n
\n \n
\n
\n
\n
\n
\n

kill

\n
\n

object

\n

Kill system call applied on the container matching the rule

\n
\n
\n
\n
\n
\n

signal

\n
\n

string

\n

Supported signals for the kill system call

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

metadata

\n
\n

object

\n

The metadata action applied on the scope matching the rule

\n
\n
\n
\n
\n
\n

image_tag

\n
\n

string

\n

The image tag of the metadata action

\n
\n \n
\n
\n
\n
\n
\n

service

\n
\n

string

\n

The service of the metadata action

\n
\n \n
\n
\n
\n
\n
\n

short_image

\n
\n

string

\n

The short image of the metadata action

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

set

\n
\n

object

\n

The set action applied on the scope matching the rule

\n
\n
\n
\n
\n
\n

append

\n
\n

boolean

\n

Whether the value should be appended to the field

\n
\n \n
\n
\n
\n
\n
\n

field

\n
\n

string

\n

The field of the set action

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the set action

\n
\n \n
\n
\n
\n
\n
\n

scope

\n
\n

string

\n

The scope of the set action

\n
\n \n
\n
\n
\n
\n
\n

size

\n
\n

int64

\n

The size of the set action

\n
\n \n
\n
\n
\n
\n
\n

ttl

\n
\n

int64

\n

The time to live of the set action

\n
\n \n
\n
\n
\n
\n
\n

value

\n
\n

string

\n

The value of the set action

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n

agentConstraint

\n
\n

string

\n

The version of the Agent

\n
\n \n
\n
\n
\n
\n
\n

blocking

\n
\n

[string]

\n

The blocking policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

category

\n
\n

string

\n

The category of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

creationAuthorUuId

\n
\n

string

\n

The ID of the user who created the rule

\n
\n \n
\n
\n
\n
\n
\n

creationDate

\n
\n

int64

\n

When the Agent rule was created, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

creator

\n
\n

object

\n

The attributes of the user who created the Agent rule

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

defaultRule

\n
\n

boolean

\n

Whether the rule is included by default

\n
\n \n
\n
\n
\n
\n
\n

description

\n
\n

string

\n

The description of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

disabled

\n
\n

[string]

\n

The disabled policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

enabled

\n
\n

boolean

\n

Whether the Agent rule is enabled

\n
\n \n
\n
\n
\n
\n
\n

expression

\n
\n

string

\n

The SECL expression of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

filters

\n
\n

[string]

\n

The platforms the Agent rule is supported on

\n
\n \n
\n
\n
\n
\n
\n

monitoring

\n
\n

[string]

\n

The monitoring policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

product_tags

\n
\n

[string]

\n

The list of product tags associated with the rule

\n
\n \n
\n
\n
\n
\n
\n

updateAuthorUuId

\n
\n

string

\n

The ID of the user who updated the rule

\n
\n \n
\n
\n
\n
\n
\n

updateDate

\n
\n

int64

\n

Timestamp in milliseconds when the Agent rule was last updated

\n
\n \n
\n
\n
\n
\n
\n

updatedAt

\n
\n

int64

\n

When the Agent rule was last updated, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

updater

\n
\n

object

\n

The attributes of the user who last updated the Agent rule

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

version

\n
\n

int64

\n

The version of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

id

\n
\n

string

\n

The ID of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

type

\n
\n

enum

\n

The type of the resource, must always be agent_rule \nAllowed enum values: agent_rule

default: agent_rule

\n
\n \n
\n
\n
\n
" }, "400": { "json": { @@ -195,6 +197,7 @@ "actions": [ { "filter": "string", + "hash": {}, "kill": { "signal": "string" }, @@ -228,7 +231,7 @@ "type": "agent_rule" } }, - "html": "
\n
\n
\n
\n

data [required]

\n
\n

object

\n

Object for a single Agent rule

\n
\n
\n
\n
\n
\n

attributes [required]

\n
\n

object

\n

Create a new Cloud Workload Security Agent rule.

\n
\n
\n
\n
\n
\n

actions

\n
\n

[object]

\n

The array of actions the rule can perform if triggered

\n
\n
\n
\n
\n
\n

filter

\n
\n

string

\n

SECL expression used to target the container to apply the action on

\n
\n \n
\n
\n
\n
\n
\n

kill

\n
\n

object

\n

Kill system call applied on the container matching the rule

\n
\n
\n
\n
\n
\n

signal

\n
\n

string

\n

Supported signals for the kill system call

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

metadata

\n
\n

object

\n

The metadata action applied on the scope matching the rule

\n
\n
\n
\n
\n
\n

image_tag

\n
\n

string

\n

The image tag of the metadata action

\n
\n \n
\n
\n
\n
\n
\n

service

\n
\n

string

\n

The service of the metadata action

\n
\n \n
\n
\n
\n
\n
\n

short_image

\n
\n

string

\n

The short image of the metadata action

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

set

\n
\n

object

\n

The set action applied on the scope matching the rule

\n
\n
\n
\n
\n
\n

append

\n
\n

boolean

\n

Whether the value should be appended to the field

\n
\n \n
\n
\n
\n
\n
\n

field

\n
\n

string

\n

The field of the set action

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the set action

\n
\n \n
\n
\n
\n
\n
\n

scope

\n
\n

string

\n

The scope of the set action

\n
\n \n
\n
\n
\n
\n
\n

size

\n
\n

int64

\n

The size of the set action

\n
\n \n
\n
\n
\n
\n
\n

ttl

\n
\n

int64

\n

The time to live of the set action

\n
\n \n
\n
\n
\n
\n
\n

value

\n
\n

string

\n

The value of the set action

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n

blocking

\n
\n

[string]

\n

The blocking policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

description

\n
\n

string

\n

The description of the Agent rule.

\n
\n \n
\n
\n
\n
\n
\n

disabled

\n
\n

[string]

\n

The disabled policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

enabled

\n
\n

boolean

\n

Whether the Agent rule is enabled

\n
\n \n
\n
\n
\n
\n
\n

expression [required]

\n
\n

string

\n

The SECL expression of the Agent rule.

\n
\n \n
\n
\n
\n
\n
\n

filters

\n
\n

[string]

\n

The platforms the Agent rule is supported on

\n
\n \n
\n
\n
\n
\n
\n

monitoring

\n
\n

[string]

\n

The monitoring policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

name [required]

\n
\n

string

\n

The name of the Agent rule.

\n
\n \n
\n
\n
\n
\n
\n

policy_id

\n
\n

string

\n

The ID of the policy where the Agent rule is saved

\n
\n \n
\n
\n
\n
\n
\n

product_tags

\n
\n

[string]

\n

The list of product tags associated with the rule

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

type [required]

\n
\n

enum

\n

The type of the resource, must always be agent_rule \nAllowed enum values: agent_rule

default: agent_rule

\n
\n \n
\n
\n
\n
" + "html": "
\n
\n
\n
\n

data [required]

\n
\n

object

\n

Object for a single Agent rule

\n
\n
\n
\n
\n
\n

attributes [required]

\n
\n

object

\n

Create a new Cloud Workload Security Agent rule.

\n
\n
\n
\n
\n
\n

actions

\n
\n

[object]

\n

The array of actions the rule can perform if triggered

\n
\n
\n
\n
\n
\n

filter

\n
\n

string

\n

SECL expression used to target the container to apply the action on

\n
\n \n
\n
\n
\n
\n
\n

hash

\n
\n

object

\n

An empty object indicating the hash action

\n
\n \n
\n
\n
\n
\n
\n

kill

\n
\n

object

\n

Kill system call applied on the container matching the rule

\n
\n
\n
\n
\n
\n

signal

\n
\n

string

\n

Supported signals for the kill system call

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

metadata

\n
\n

object

\n

The metadata action applied on the scope matching the rule

\n
\n
\n
\n
\n
\n

image_tag

\n
\n

string

\n

The image tag of the metadata action

\n
\n \n
\n
\n
\n
\n
\n

service

\n
\n

string

\n

The service of the metadata action

\n
\n \n
\n
\n
\n
\n
\n

short_image

\n
\n

string

\n

The short image of the metadata action

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

set

\n
\n

object

\n

The set action applied on the scope matching the rule

\n
\n
\n
\n
\n
\n

append

\n
\n

boolean

\n

Whether the value should be appended to the field

\n
\n \n
\n
\n
\n
\n
\n

field

\n
\n

string

\n

The field of the set action

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the set action

\n
\n \n
\n
\n
\n
\n
\n

scope

\n
\n

string

\n

The scope of the set action

\n
\n \n
\n
\n
\n
\n
\n

size

\n
\n

int64

\n

The size of the set action

\n
\n \n
\n
\n
\n
\n
\n

ttl

\n
\n

int64

\n

The time to live of the set action

\n
\n \n
\n
\n
\n
\n
\n

value

\n
\n

string

\n

The value of the set action

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n

blocking

\n
\n

[string]

\n

The blocking policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

description

\n
\n

string

\n

The description of the Agent rule.

\n
\n \n
\n
\n
\n
\n
\n

disabled

\n
\n

[string]

\n

The disabled policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

enabled

\n
\n

boolean

\n

Whether the Agent rule is enabled

\n
\n \n
\n
\n
\n
\n
\n

expression [required]

\n
\n

string

\n

The SECL expression of the Agent rule.

\n
\n \n
\n
\n
\n
\n
\n

filters

\n
\n

[string]

\n

The platforms the Agent rule is supported on

\n
\n \n
\n
\n
\n
\n
\n

monitoring

\n
\n

[string]

\n

The monitoring policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

name [required]

\n
\n

string

\n

The name of the Agent rule.

\n
\n \n
\n
\n
\n
\n
\n

policy_id

\n
\n

string

\n

The ID of the policy where the Agent rule is saved

\n
\n \n
\n
\n
\n
\n
\n

product_tags

\n
\n

[string]

\n

The list of product tags associated with the rule

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

type [required]

\n
\n

enum

\n

The type of the resource, must always be agent_rule \nAllowed enum values: agent_rule

default: agent_rule

\n
\n \n
\n
\n
\n
" } }, "DeleteCSMThreatsAgentRule": { @@ -273,6 +276,7 @@ "actions": [ { "filter": "string", + "hash": {}, "kill": { "signal": "string" }, @@ -323,7 +327,7 @@ "type": "agent_rule" } }, - "html": "
\n
\n
\n
\n

data

\n
\n

object

\n

Object for a single Agent rule

\n
\n
\n
\n
\n
\n

attributes

\n
\n

object

\n

A Cloud Workload Security Agent rule returned by the API

\n
\n
\n
\n
\n
\n

actions

\n
\n

[object]

\n

The array of actions the rule can perform if triggered

\n
\n
\n
\n
\n
\n

filter

\n
\n

string

\n

SECL expression used to target the container to apply the action on

\n
\n \n
\n
\n
\n
\n
\n

kill

\n
\n

object

\n

Kill system call applied on the container matching the rule

\n
\n
\n
\n
\n
\n

signal

\n
\n

string

\n

Supported signals for the kill system call

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

metadata

\n
\n

object

\n

The metadata action applied on the scope matching the rule

\n
\n
\n
\n
\n
\n

image_tag

\n
\n

string

\n

The image tag of the metadata action

\n
\n \n
\n
\n
\n
\n
\n

service

\n
\n

string

\n

The service of the metadata action

\n
\n \n
\n
\n
\n
\n
\n

short_image

\n
\n

string

\n

The short image of the metadata action

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

set

\n
\n

object

\n

The set action applied on the scope matching the rule

\n
\n
\n
\n
\n
\n

append

\n
\n

boolean

\n

Whether the value should be appended to the field

\n
\n \n
\n
\n
\n
\n
\n

field

\n
\n

string

\n

The field of the set action

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the set action

\n
\n \n
\n
\n
\n
\n
\n

scope

\n
\n

string

\n

The scope of the set action

\n
\n \n
\n
\n
\n
\n
\n

size

\n
\n

int64

\n

The size of the set action

\n
\n \n
\n
\n
\n
\n
\n

ttl

\n
\n

int64

\n

The time to live of the set action

\n
\n \n
\n
\n
\n
\n
\n

value

\n
\n

string

\n

The value of the set action

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n

agentConstraint

\n
\n

string

\n

The version of the Agent

\n
\n \n
\n
\n
\n
\n
\n

blocking

\n
\n

[string]

\n

The blocking policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

category

\n
\n

string

\n

The category of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

creationAuthorUuId

\n
\n

string

\n

The ID of the user who created the rule

\n
\n \n
\n
\n
\n
\n
\n

creationDate

\n
\n

int64

\n

When the Agent rule was created, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

creator

\n
\n

object

\n

The attributes of the user who created the Agent rule

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

defaultRule

\n
\n

boolean

\n

Whether the rule is included by default

\n
\n \n
\n
\n
\n
\n
\n

description

\n
\n

string

\n

The description of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

disabled

\n
\n

[string]

\n

The disabled policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

enabled

\n
\n

boolean

\n

Whether the Agent rule is enabled

\n
\n \n
\n
\n
\n
\n
\n

expression

\n
\n

string

\n

The SECL expression of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

filters

\n
\n

[string]

\n

The platforms the Agent rule is supported on

\n
\n \n
\n
\n
\n
\n
\n

monitoring

\n
\n

[string]

\n

The monitoring policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

product_tags

\n
\n

[string]

\n

The list of product tags associated with the rule

\n
\n \n
\n
\n
\n
\n
\n

updateAuthorUuId

\n
\n

string

\n

The ID of the user who updated the rule

\n
\n \n
\n
\n
\n
\n
\n

updateDate

\n
\n

int64

\n

Timestamp in milliseconds when the Agent rule was last updated

\n
\n \n
\n
\n
\n
\n
\n

updatedAt

\n
\n

int64

\n

When the Agent rule was last updated, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

updater

\n
\n

object

\n

The attributes of the user who last updated the Agent rule

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

version

\n
\n

int64

\n

The version of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

id

\n
\n

string

\n

The ID of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

type

\n
\n

enum

\n

The type of the resource, must always be agent_rule \nAllowed enum values: agent_rule

default: agent_rule

\n
\n \n
\n
\n
\n
" + "html": "
\n
\n
\n
\n

data

\n
\n

object

\n

Object for a single Agent rule

\n
\n
\n
\n
\n
\n

attributes

\n
\n

object

\n

A Cloud Workload Security Agent rule returned by the API

\n
\n
\n
\n
\n
\n

actions

\n
\n

[object]

\n

The array of actions the rule can perform if triggered

\n
\n
\n
\n
\n
\n

filter

\n
\n

string

\n

SECL expression used to target the container to apply the action on

\n
\n \n
\n
\n
\n
\n
\n

hash

\n
\n

object

\n

An empty object indicating the hash action

\n
\n \n
\n
\n
\n
\n
\n

kill

\n
\n

object

\n

Kill system call applied on the container matching the rule

\n
\n
\n
\n
\n
\n

signal

\n
\n

string

\n

Supported signals for the kill system call

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

metadata

\n
\n

object

\n

The metadata action applied on the scope matching the rule

\n
\n
\n
\n
\n
\n

image_tag

\n
\n

string

\n

The image tag of the metadata action

\n
\n \n
\n
\n
\n
\n
\n

service

\n
\n

string

\n

The service of the metadata action

\n
\n \n
\n
\n
\n
\n
\n

short_image

\n
\n

string

\n

The short image of the metadata action

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

set

\n
\n

object

\n

The set action applied on the scope matching the rule

\n
\n
\n
\n
\n
\n

append

\n
\n

boolean

\n

Whether the value should be appended to the field

\n
\n \n
\n
\n
\n
\n
\n

field

\n
\n

string

\n

The field of the set action

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the set action

\n
\n \n
\n
\n
\n
\n
\n

scope

\n
\n

string

\n

The scope of the set action

\n
\n \n
\n
\n
\n
\n
\n

size

\n
\n

int64

\n

The size of the set action

\n
\n \n
\n
\n
\n
\n
\n

ttl

\n
\n

int64

\n

The time to live of the set action

\n
\n \n
\n
\n
\n
\n
\n

value

\n
\n

string

\n

The value of the set action

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n

agentConstraint

\n
\n

string

\n

The version of the Agent

\n
\n \n
\n
\n
\n
\n
\n

blocking

\n
\n

[string]

\n

The blocking policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

category

\n
\n

string

\n

The category of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

creationAuthorUuId

\n
\n

string

\n

The ID of the user who created the rule

\n
\n \n
\n
\n
\n
\n
\n

creationDate

\n
\n

int64

\n

When the Agent rule was created, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

creator

\n
\n

object

\n

The attributes of the user who created the Agent rule

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

defaultRule

\n
\n

boolean

\n

Whether the rule is included by default

\n
\n \n
\n
\n
\n
\n
\n

description

\n
\n

string

\n

The description of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

disabled

\n
\n

[string]

\n

The disabled policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

enabled

\n
\n

boolean

\n

Whether the Agent rule is enabled

\n
\n \n
\n
\n
\n
\n
\n

expression

\n
\n

string

\n

The SECL expression of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

filters

\n
\n

[string]

\n

The platforms the Agent rule is supported on

\n
\n \n
\n
\n
\n
\n
\n

monitoring

\n
\n

[string]

\n

The monitoring policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

product_tags

\n
\n

[string]

\n

The list of product tags associated with the rule

\n
\n \n
\n
\n
\n
\n
\n

updateAuthorUuId

\n
\n

string

\n

The ID of the user who updated the rule

\n
\n \n
\n
\n
\n
\n
\n

updateDate

\n
\n

int64

\n

Timestamp in milliseconds when the Agent rule was last updated

\n
\n \n
\n
\n
\n
\n
\n

updatedAt

\n
\n

int64

\n

When the Agent rule was last updated, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

updater

\n
\n

object

\n

The attributes of the user who last updated the Agent rule

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

version

\n
\n

int64

\n

The version of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

id

\n
\n

string

\n

The ID of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

type

\n
\n

enum

\n

The type of the resource, must always be agent_rule \nAllowed enum values: agent_rule

default: agent_rule

\n
\n \n
\n
\n
\n
" }, "403": { "json": { @@ -365,6 +369,7 @@ "actions": [ { "filter": "string", + "hash": {}, "kill": { "signal": "string" }, @@ -415,7 +420,7 @@ "type": "agent_rule" } }, - "html": "
\n
\n
\n
\n

data

\n
\n

object

\n

Object for a single Agent rule

\n
\n
\n
\n
\n
\n

attributes

\n
\n

object

\n

A Cloud Workload Security Agent rule returned by the API

\n
\n
\n
\n
\n
\n

actions

\n
\n

[object]

\n

The array of actions the rule can perform if triggered

\n
\n
\n
\n
\n
\n

filter

\n
\n

string

\n

SECL expression used to target the container to apply the action on

\n
\n \n
\n
\n
\n
\n
\n

kill

\n
\n

object

\n

Kill system call applied on the container matching the rule

\n
\n
\n
\n
\n
\n

signal

\n
\n

string

\n

Supported signals for the kill system call

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

metadata

\n
\n

object

\n

The metadata action applied on the scope matching the rule

\n
\n
\n
\n
\n
\n

image_tag

\n
\n

string

\n

The image tag of the metadata action

\n
\n \n
\n
\n
\n
\n
\n

service

\n
\n

string

\n

The service of the metadata action

\n
\n \n
\n
\n
\n
\n
\n

short_image

\n
\n

string

\n

The short image of the metadata action

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

set

\n
\n

object

\n

The set action applied on the scope matching the rule

\n
\n
\n
\n
\n
\n

append

\n
\n

boolean

\n

Whether the value should be appended to the field

\n
\n \n
\n
\n
\n
\n
\n

field

\n
\n

string

\n

The field of the set action

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the set action

\n
\n \n
\n
\n
\n
\n
\n

scope

\n
\n

string

\n

The scope of the set action

\n
\n \n
\n
\n
\n
\n
\n

size

\n
\n

int64

\n

The size of the set action

\n
\n \n
\n
\n
\n
\n
\n

ttl

\n
\n

int64

\n

The time to live of the set action

\n
\n \n
\n
\n
\n
\n
\n

value

\n
\n

string

\n

The value of the set action

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n

agentConstraint

\n
\n

string

\n

The version of the Agent

\n
\n \n
\n
\n
\n
\n
\n

blocking

\n
\n

[string]

\n

The blocking policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

category

\n
\n

string

\n

The category of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

creationAuthorUuId

\n
\n

string

\n

The ID of the user who created the rule

\n
\n \n
\n
\n
\n
\n
\n

creationDate

\n
\n

int64

\n

When the Agent rule was created, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

creator

\n
\n

object

\n

The attributes of the user who created the Agent rule

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

defaultRule

\n
\n

boolean

\n

Whether the rule is included by default

\n
\n \n
\n
\n
\n
\n
\n

description

\n
\n

string

\n

The description of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

disabled

\n
\n

[string]

\n

The disabled policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

enabled

\n
\n

boolean

\n

Whether the Agent rule is enabled

\n
\n \n
\n
\n
\n
\n
\n

expression

\n
\n

string

\n

The SECL expression of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

filters

\n
\n

[string]

\n

The platforms the Agent rule is supported on

\n
\n \n
\n
\n
\n
\n
\n

monitoring

\n
\n

[string]

\n

The monitoring policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

product_tags

\n
\n

[string]

\n

The list of product tags associated with the rule

\n
\n \n
\n
\n
\n
\n
\n

updateAuthorUuId

\n
\n

string

\n

The ID of the user who updated the rule

\n
\n \n
\n
\n
\n
\n
\n

updateDate

\n
\n

int64

\n

Timestamp in milliseconds when the Agent rule was last updated

\n
\n \n
\n
\n
\n
\n
\n

updatedAt

\n
\n

int64

\n

When the Agent rule was last updated, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

updater

\n
\n

object

\n

The attributes of the user who last updated the Agent rule

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

version

\n
\n

int64

\n

The version of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

id

\n
\n

string

\n

The ID of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

type

\n
\n

enum

\n

The type of the resource, must always be agent_rule \nAllowed enum values: agent_rule

default: agent_rule

\n
\n \n
\n
\n
\n
" + "html": "
\n
\n
\n
\n

data

\n
\n

object

\n

Object for a single Agent rule

\n
\n
\n
\n
\n
\n

attributes

\n
\n

object

\n

A Cloud Workload Security Agent rule returned by the API

\n
\n
\n
\n
\n
\n

actions

\n
\n

[object]

\n

The array of actions the rule can perform if triggered

\n
\n
\n
\n
\n
\n

filter

\n
\n

string

\n

SECL expression used to target the container to apply the action on

\n
\n \n
\n
\n
\n
\n
\n

hash

\n
\n

object

\n

An empty object indicating the hash action

\n
\n \n
\n
\n
\n
\n
\n

kill

\n
\n

object

\n

Kill system call applied on the container matching the rule

\n
\n
\n
\n
\n
\n

signal

\n
\n

string

\n

Supported signals for the kill system call

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

metadata

\n
\n

object

\n

The metadata action applied on the scope matching the rule

\n
\n
\n
\n
\n
\n

image_tag

\n
\n

string

\n

The image tag of the metadata action

\n
\n \n
\n
\n
\n
\n
\n

service

\n
\n

string

\n

The service of the metadata action

\n
\n \n
\n
\n
\n
\n
\n

short_image

\n
\n

string

\n

The short image of the metadata action

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

set

\n
\n

object

\n

The set action applied on the scope matching the rule

\n
\n
\n
\n
\n
\n

append

\n
\n

boolean

\n

Whether the value should be appended to the field

\n
\n \n
\n
\n
\n
\n
\n

field

\n
\n

string

\n

The field of the set action

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the set action

\n
\n \n
\n
\n
\n
\n
\n

scope

\n
\n

string

\n

The scope of the set action

\n
\n \n
\n
\n
\n
\n
\n

size

\n
\n

int64

\n

The size of the set action

\n
\n \n
\n
\n
\n
\n
\n

ttl

\n
\n

int64

\n

The time to live of the set action

\n
\n \n
\n
\n
\n
\n
\n

value

\n
\n

string

\n

The value of the set action

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n

agentConstraint

\n
\n

string

\n

The version of the Agent

\n
\n \n
\n
\n
\n
\n
\n

blocking

\n
\n

[string]

\n

The blocking policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

category

\n
\n

string

\n

The category of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

creationAuthorUuId

\n
\n

string

\n

The ID of the user who created the rule

\n
\n \n
\n
\n
\n
\n
\n

creationDate

\n
\n

int64

\n

When the Agent rule was created, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

creator

\n
\n

object

\n

The attributes of the user who created the Agent rule

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

defaultRule

\n
\n

boolean

\n

Whether the rule is included by default

\n
\n \n
\n
\n
\n
\n
\n

description

\n
\n

string

\n

The description of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

disabled

\n
\n

[string]

\n

The disabled policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

enabled

\n
\n

boolean

\n

Whether the Agent rule is enabled

\n
\n \n
\n
\n
\n
\n
\n

expression

\n
\n

string

\n

The SECL expression of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

filters

\n
\n

[string]

\n

The platforms the Agent rule is supported on

\n
\n \n
\n
\n
\n
\n
\n

monitoring

\n
\n

[string]

\n

The monitoring policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

product_tags

\n
\n

[string]

\n

The list of product tags associated with the rule

\n
\n \n
\n
\n
\n
\n
\n

updateAuthorUuId

\n
\n

string

\n

The ID of the user who updated the rule

\n
\n \n
\n
\n
\n
\n
\n

updateDate

\n
\n

int64

\n

Timestamp in milliseconds when the Agent rule was last updated

\n
\n \n
\n
\n
\n
\n
\n

updatedAt

\n
\n

int64

\n

When the Agent rule was last updated, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

updater

\n
\n

object

\n

The attributes of the user who last updated the Agent rule

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

version

\n
\n

int64

\n

The version of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

id

\n
\n

string

\n

The ID of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

type

\n
\n

enum

\n

The type of the resource, must always be agent_rule \nAllowed enum values: agent_rule

default: agent_rule

\n
\n \n
\n
\n
\n
" }, "400": { "json": { @@ -471,6 +476,7 @@ "actions": [ { "filter": "string", + "hash": {}, "kill": { "signal": "string" }, @@ -503,7 +509,7 @@ "type": "agent_rule" } }, - "html": "
\n
\n
\n
\n

data [required]

\n
\n

object

\n

Object for a single Agent rule

\n
\n
\n
\n
\n
\n

attributes [required]

\n
\n

object

\n

Update an existing Cloud Workload Security Agent rule

\n
\n
\n
\n
\n
\n

actions

\n
\n

[object]

\n

The array of actions the rule can perform if triggered

\n
\n
\n
\n
\n
\n

filter

\n
\n

string

\n

SECL expression used to target the container to apply the action on

\n
\n \n
\n
\n
\n
\n
\n

kill

\n
\n

object

\n

Kill system call applied on the container matching the rule

\n
\n
\n
\n
\n
\n

signal

\n
\n

string

\n

Supported signals for the kill system call

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

metadata

\n
\n

object

\n

The metadata action applied on the scope matching the rule

\n
\n
\n
\n
\n
\n

image_tag

\n
\n

string

\n

The image tag of the metadata action

\n
\n \n
\n
\n
\n
\n
\n

service

\n
\n

string

\n

The service of the metadata action

\n
\n \n
\n
\n
\n
\n
\n

short_image

\n
\n

string

\n

The short image of the metadata action

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

set

\n
\n

object

\n

The set action applied on the scope matching the rule

\n
\n
\n
\n
\n
\n

append

\n
\n

boolean

\n

Whether the value should be appended to the field

\n
\n \n
\n
\n
\n
\n
\n

field

\n
\n

string

\n

The field of the set action

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the set action

\n
\n \n
\n
\n
\n
\n
\n

scope

\n
\n

string

\n

The scope of the set action

\n
\n \n
\n
\n
\n
\n
\n

size

\n
\n

int64

\n

The size of the set action

\n
\n \n
\n
\n
\n
\n
\n

ttl

\n
\n

int64

\n

The time to live of the set action

\n
\n \n
\n
\n
\n
\n
\n

value

\n
\n

string

\n

The value of the set action

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n

blocking

\n
\n

[string]

\n

The blocking policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

description

\n
\n

string

\n

The description of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

disabled

\n
\n

[string]

\n

The disabled policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

enabled

\n
\n

boolean

\n

Whether the Agent rule is enabled

\n
\n \n
\n
\n
\n
\n
\n

expression

\n
\n

string

\n

The SECL expression of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

monitoring

\n
\n

[string]

\n

The monitoring policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

policy_id

\n
\n

string

\n

The ID of the policy where the Agent rule is saved

\n
\n \n
\n
\n
\n
\n
\n

product_tags

\n
\n

[string]

\n

The list of product tags associated with the rule

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

id

\n
\n

string

\n

The ID of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

type [required]

\n
\n

enum

\n

The type of the resource, must always be agent_rule \nAllowed enum values: agent_rule

default: agent_rule

\n
\n \n
\n
\n
\n
" + "html": "
\n
\n
\n
\n

data [required]

\n
\n

object

\n

Object for a single Agent rule

\n
\n
\n
\n
\n
\n

attributes [required]

\n
\n

object

\n

Update an existing Cloud Workload Security Agent rule

\n
\n
\n
\n
\n
\n

actions

\n
\n

[object]

\n

The array of actions the rule can perform if triggered

\n
\n
\n
\n
\n
\n

filter

\n
\n

string

\n

SECL expression used to target the container to apply the action on

\n
\n \n
\n
\n
\n
\n
\n

hash

\n
\n

object

\n

An empty object indicating the hash action

\n
\n \n
\n
\n
\n
\n
\n

kill

\n
\n

object

\n

Kill system call applied on the container matching the rule

\n
\n
\n
\n
\n
\n

signal

\n
\n

string

\n

Supported signals for the kill system call

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

metadata

\n
\n

object

\n

The metadata action applied on the scope matching the rule

\n
\n
\n
\n
\n
\n

image_tag

\n
\n

string

\n

The image tag of the metadata action

\n
\n \n
\n
\n
\n
\n
\n

service

\n
\n

string

\n

The service of the metadata action

\n
\n \n
\n
\n
\n
\n
\n

short_image

\n
\n

string

\n

The short image of the metadata action

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

set

\n
\n

object

\n

The set action applied on the scope matching the rule

\n
\n
\n
\n
\n
\n

append

\n
\n

boolean

\n

Whether the value should be appended to the field

\n
\n \n
\n
\n
\n
\n
\n

field

\n
\n

string

\n

The field of the set action

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the set action

\n
\n \n
\n
\n
\n
\n
\n

scope

\n
\n

string

\n

The scope of the set action

\n
\n \n
\n
\n
\n
\n
\n

size

\n
\n

int64

\n

The size of the set action

\n
\n \n
\n
\n
\n
\n
\n

ttl

\n
\n

int64

\n

The time to live of the set action

\n
\n \n
\n
\n
\n
\n
\n

value

\n
\n

string

\n

The value of the set action

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n

blocking

\n
\n

[string]

\n

The blocking policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

description

\n
\n

string

\n

The description of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

disabled

\n
\n

[string]

\n

The disabled policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

enabled

\n
\n

boolean

\n

Whether the Agent rule is enabled

\n
\n \n
\n
\n
\n
\n
\n

expression

\n
\n

string

\n

The SECL expression of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

monitoring

\n
\n

[string]

\n

The monitoring policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

policy_id

\n
\n

string

\n

The ID of the policy where the Agent rule is saved

\n
\n \n
\n
\n
\n
\n
\n

product_tags

\n
\n

[string]

\n

The list of product tags associated with the rule

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

id

\n
\n

string

\n

The ID of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

type [required]

\n
\n

enum

\n

The type of the resource, must always be agent_rule \nAllowed enum values: agent_rule

default: agent_rule

\n
\n \n
\n
\n
\n
" } }, "ListCSMThreatsAgentPolicies": { @@ -908,6 +914,7 @@ "actions": [ { "filter": "string", + "hash": {}, "kill": { "signal": "string" }, @@ -959,7 +966,7 @@ } ] }, - "html": "
\n
\n
\n
\n

data

\n
\n

[object]

\n

A list of Agent rules objects

\n
\n
\n
\n
\n
\n

attributes

\n
\n

object

\n

A Cloud Workload Security Agent rule returned by the API

\n
\n
\n
\n
\n
\n

actions

\n
\n

[object]

\n

The array of actions the rule can perform if triggered

\n
\n
\n
\n
\n
\n

filter

\n
\n

string

\n

SECL expression used to target the container to apply the action on

\n
\n \n
\n
\n
\n
\n
\n

kill

\n
\n

object

\n

Kill system call applied on the container matching the rule

\n
\n
\n
\n
\n
\n

signal

\n
\n

string

\n

Supported signals for the kill system call

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

metadata

\n
\n

object

\n

The metadata action applied on the scope matching the rule

\n
\n
\n
\n
\n
\n

image_tag

\n
\n

string

\n

The image tag of the metadata action

\n
\n \n
\n
\n
\n
\n
\n

service

\n
\n

string

\n

The service of the metadata action

\n
\n \n
\n
\n
\n
\n
\n

short_image

\n
\n

string

\n

The short image of the metadata action

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

set

\n
\n

object

\n

The set action applied on the scope matching the rule

\n
\n
\n
\n
\n
\n

append

\n
\n

boolean

\n

Whether the value should be appended to the field

\n
\n \n
\n
\n
\n
\n
\n

field

\n
\n

string

\n

The field of the set action

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the set action

\n
\n \n
\n
\n
\n
\n
\n

scope

\n
\n

string

\n

The scope of the set action

\n
\n \n
\n
\n
\n
\n
\n

size

\n
\n

int64

\n

The size of the set action

\n
\n \n
\n
\n
\n
\n
\n

ttl

\n
\n

int64

\n

The time to live of the set action

\n
\n \n
\n
\n
\n
\n
\n

value

\n
\n

string

\n

The value of the set action

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n

agentConstraint

\n
\n

string

\n

The version of the Agent

\n
\n \n
\n
\n
\n
\n
\n

blocking

\n
\n

[string]

\n

The blocking policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

category

\n
\n

string

\n

The category of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

creationAuthorUuId

\n
\n

string

\n

The ID of the user who created the rule

\n
\n \n
\n
\n
\n
\n
\n

creationDate

\n
\n

int64

\n

When the Agent rule was created, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

creator

\n
\n

object

\n

The attributes of the user who created the Agent rule

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

defaultRule

\n
\n

boolean

\n

Whether the rule is included by default

\n
\n \n
\n
\n
\n
\n
\n

description

\n
\n

string

\n

The description of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

disabled

\n
\n

[string]

\n

The disabled policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

enabled

\n
\n

boolean

\n

Whether the Agent rule is enabled

\n
\n \n
\n
\n
\n
\n
\n

expression

\n
\n

string

\n

The SECL expression of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

filters

\n
\n

[string]

\n

The platforms the Agent rule is supported on

\n
\n \n
\n
\n
\n
\n
\n

monitoring

\n
\n

[string]

\n

The monitoring policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

product_tags

\n
\n

[string]

\n

The list of product tags associated with the rule

\n
\n \n
\n
\n
\n
\n
\n

updateAuthorUuId

\n
\n

string

\n

The ID of the user who updated the rule

\n
\n \n
\n
\n
\n
\n
\n

updateDate

\n
\n

int64

\n

Timestamp in milliseconds when the Agent rule was last updated

\n
\n \n
\n
\n
\n
\n
\n

updatedAt

\n
\n

int64

\n

When the Agent rule was last updated, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

updater

\n
\n

object

\n

The attributes of the user who last updated the Agent rule

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

version

\n
\n

int64

\n

The version of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

id

\n
\n

string

\n

The ID of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

type

\n
\n

enum

\n

The type of the resource, must always be agent_rule \nAllowed enum values: agent_rule

default: agent_rule

\n
\n \n
\n
\n
\n
" + "html": "
\n
\n
\n
\n

data

\n
\n

[object]

\n

A list of Agent rules objects

\n
\n
\n
\n
\n
\n

attributes

\n
\n

object

\n

A Cloud Workload Security Agent rule returned by the API

\n
\n
\n
\n
\n
\n

actions

\n
\n

[object]

\n

The array of actions the rule can perform if triggered

\n
\n
\n
\n
\n
\n

filter

\n
\n

string

\n

SECL expression used to target the container to apply the action on

\n
\n \n
\n
\n
\n
\n
\n

hash

\n
\n

object

\n

An empty object indicating the hash action

\n
\n \n
\n
\n
\n
\n
\n

kill

\n
\n

object

\n

Kill system call applied on the container matching the rule

\n
\n
\n
\n
\n
\n

signal

\n
\n

string

\n

Supported signals for the kill system call

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

metadata

\n
\n

object

\n

The metadata action applied on the scope matching the rule

\n
\n
\n
\n
\n
\n

image_tag

\n
\n

string

\n

The image tag of the metadata action

\n
\n \n
\n
\n
\n
\n
\n

service

\n
\n

string

\n

The service of the metadata action

\n
\n \n
\n
\n
\n
\n
\n

short_image

\n
\n

string

\n

The short image of the metadata action

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

set

\n
\n

object

\n

The set action applied on the scope matching the rule

\n
\n
\n
\n
\n
\n

append

\n
\n

boolean

\n

Whether the value should be appended to the field

\n
\n \n
\n
\n
\n
\n
\n

field

\n
\n

string

\n

The field of the set action

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the set action

\n
\n \n
\n
\n
\n
\n
\n

scope

\n
\n

string

\n

The scope of the set action

\n
\n \n
\n
\n
\n
\n
\n

size

\n
\n

int64

\n

The size of the set action

\n
\n \n
\n
\n
\n
\n
\n

ttl

\n
\n

int64

\n

The time to live of the set action

\n
\n \n
\n
\n
\n
\n
\n

value

\n
\n

string

\n

The value of the set action

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n

agentConstraint

\n
\n

string

\n

The version of the Agent

\n
\n \n
\n
\n
\n
\n
\n

blocking

\n
\n

[string]

\n

The blocking policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

category

\n
\n

string

\n

The category of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

creationAuthorUuId

\n
\n

string

\n

The ID of the user who created the rule

\n
\n \n
\n
\n
\n
\n
\n

creationDate

\n
\n

int64

\n

When the Agent rule was created, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

creator

\n
\n

object

\n

The attributes of the user who created the Agent rule

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

defaultRule

\n
\n

boolean

\n

Whether the rule is included by default

\n
\n \n
\n
\n
\n
\n
\n

description

\n
\n

string

\n

The description of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

disabled

\n
\n

[string]

\n

The disabled policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

enabled

\n
\n

boolean

\n

Whether the Agent rule is enabled

\n
\n \n
\n
\n
\n
\n
\n

expression

\n
\n

string

\n

The SECL expression of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

filters

\n
\n

[string]

\n

The platforms the Agent rule is supported on

\n
\n \n
\n
\n
\n
\n
\n

monitoring

\n
\n

[string]

\n

The monitoring policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

product_tags

\n
\n

[string]

\n

The list of product tags associated with the rule

\n
\n \n
\n
\n
\n
\n
\n

updateAuthorUuId

\n
\n

string

\n

The ID of the user who updated the rule

\n
\n \n
\n
\n
\n
\n
\n

updateDate

\n
\n

int64

\n

Timestamp in milliseconds when the Agent rule was last updated

\n
\n \n
\n
\n
\n
\n
\n

updatedAt

\n
\n

int64

\n

When the Agent rule was last updated, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

updater

\n
\n

object

\n

The attributes of the user who last updated the Agent rule

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

version

\n
\n

int64

\n

The version of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

id

\n
\n

string

\n

The ID of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

type

\n
\n

enum

\n

The type of the resource, must always be agent_rule \nAllowed enum values: agent_rule

default: agent_rule

\n
\n \n
\n
\n
\n
" }, "403": { "json": { @@ -993,6 +1000,7 @@ "actions": [ { "filter": "string", + "hash": {}, "kill": { "signal": "string" }, @@ -1043,7 +1051,7 @@ "type": "agent_rule" } }, - "html": "
\n
\n
\n
\n

data

\n
\n

object

\n

Object for a single Agent rule

\n
\n
\n
\n
\n
\n

attributes

\n
\n

object

\n

A Cloud Workload Security Agent rule returned by the API

\n
\n
\n
\n
\n
\n

actions

\n
\n

[object]

\n

The array of actions the rule can perform if triggered

\n
\n
\n
\n
\n
\n

filter

\n
\n

string

\n

SECL expression used to target the container to apply the action on

\n
\n \n
\n
\n
\n
\n
\n

kill

\n
\n

object

\n

Kill system call applied on the container matching the rule

\n
\n
\n
\n
\n
\n

signal

\n
\n

string

\n

Supported signals for the kill system call

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

metadata

\n
\n

object

\n

The metadata action applied on the scope matching the rule

\n
\n
\n
\n
\n
\n

image_tag

\n
\n

string

\n

The image tag of the metadata action

\n
\n \n
\n
\n
\n
\n
\n

service

\n
\n

string

\n

The service of the metadata action

\n
\n \n
\n
\n
\n
\n
\n

short_image

\n
\n

string

\n

The short image of the metadata action

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

set

\n
\n

object

\n

The set action applied on the scope matching the rule

\n
\n
\n
\n
\n
\n

append

\n
\n

boolean

\n

Whether the value should be appended to the field

\n
\n \n
\n
\n
\n
\n
\n

field

\n
\n

string

\n

The field of the set action

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the set action

\n
\n \n
\n
\n
\n
\n
\n

scope

\n
\n

string

\n

The scope of the set action

\n
\n \n
\n
\n
\n
\n
\n

size

\n
\n

int64

\n

The size of the set action

\n
\n \n
\n
\n
\n
\n
\n

ttl

\n
\n

int64

\n

The time to live of the set action

\n
\n \n
\n
\n
\n
\n
\n

value

\n
\n

string

\n

The value of the set action

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n

agentConstraint

\n
\n

string

\n

The version of the Agent

\n
\n \n
\n
\n
\n
\n
\n

blocking

\n
\n

[string]

\n

The blocking policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

category

\n
\n

string

\n

The category of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

creationAuthorUuId

\n
\n

string

\n

The ID of the user who created the rule

\n
\n \n
\n
\n
\n
\n
\n

creationDate

\n
\n

int64

\n

When the Agent rule was created, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

creator

\n
\n

object

\n

The attributes of the user who created the Agent rule

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

defaultRule

\n
\n

boolean

\n

Whether the rule is included by default

\n
\n \n
\n
\n
\n
\n
\n

description

\n
\n

string

\n

The description of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

disabled

\n
\n

[string]

\n

The disabled policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

enabled

\n
\n

boolean

\n

Whether the Agent rule is enabled

\n
\n \n
\n
\n
\n
\n
\n

expression

\n
\n

string

\n

The SECL expression of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

filters

\n
\n

[string]

\n

The platforms the Agent rule is supported on

\n
\n \n
\n
\n
\n
\n
\n

monitoring

\n
\n

[string]

\n

The monitoring policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

product_tags

\n
\n

[string]

\n

The list of product tags associated with the rule

\n
\n \n
\n
\n
\n
\n
\n

updateAuthorUuId

\n
\n

string

\n

The ID of the user who updated the rule

\n
\n \n
\n
\n
\n
\n
\n

updateDate

\n
\n

int64

\n

Timestamp in milliseconds when the Agent rule was last updated

\n
\n \n
\n
\n
\n
\n
\n

updatedAt

\n
\n

int64

\n

When the Agent rule was last updated, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

updater

\n
\n

object

\n

The attributes of the user who last updated the Agent rule

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

version

\n
\n

int64

\n

The version of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

id

\n
\n

string

\n

The ID of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

type

\n
\n

enum

\n

The type of the resource, must always be agent_rule \nAllowed enum values: agent_rule

default: agent_rule

\n
\n \n
\n
\n
\n
" + "html": "
\n
\n
\n
\n

data

\n
\n

object

\n

Object for a single Agent rule

\n
\n
\n
\n
\n
\n

attributes

\n
\n

object

\n

A Cloud Workload Security Agent rule returned by the API

\n
\n
\n
\n
\n
\n

actions

\n
\n

[object]

\n

The array of actions the rule can perform if triggered

\n
\n
\n
\n
\n
\n

filter

\n
\n

string

\n

SECL expression used to target the container to apply the action on

\n
\n \n
\n
\n
\n
\n
\n

hash

\n
\n

object

\n

An empty object indicating the hash action

\n
\n \n
\n
\n
\n
\n
\n

kill

\n
\n

object

\n

Kill system call applied on the container matching the rule

\n
\n
\n
\n
\n
\n

signal

\n
\n

string

\n

Supported signals for the kill system call

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

metadata

\n
\n

object

\n

The metadata action applied on the scope matching the rule

\n
\n
\n
\n
\n
\n

image_tag

\n
\n

string

\n

The image tag of the metadata action

\n
\n \n
\n
\n
\n
\n
\n

service

\n
\n

string

\n

The service of the metadata action

\n
\n \n
\n
\n
\n
\n
\n

short_image

\n
\n

string

\n

The short image of the metadata action

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

set

\n
\n

object

\n

The set action applied on the scope matching the rule

\n
\n
\n
\n
\n
\n

append

\n
\n

boolean

\n

Whether the value should be appended to the field

\n
\n \n
\n
\n
\n
\n
\n

field

\n
\n

string

\n

The field of the set action

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the set action

\n
\n \n
\n
\n
\n
\n
\n

scope

\n
\n

string

\n

The scope of the set action

\n
\n \n
\n
\n
\n
\n
\n

size

\n
\n

int64

\n

The size of the set action

\n
\n \n
\n
\n
\n
\n
\n

ttl

\n
\n

int64

\n

The time to live of the set action

\n
\n \n
\n
\n
\n
\n
\n

value

\n
\n

string

\n

The value of the set action

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n

agentConstraint

\n
\n

string

\n

The version of the Agent

\n
\n \n
\n
\n
\n
\n
\n

blocking

\n
\n

[string]

\n

The blocking policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

category

\n
\n

string

\n

The category of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

creationAuthorUuId

\n
\n

string

\n

The ID of the user who created the rule

\n
\n \n
\n
\n
\n
\n
\n

creationDate

\n
\n

int64

\n

When the Agent rule was created, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

creator

\n
\n

object

\n

The attributes of the user who created the Agent rule

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

defaultRule

\n
\n

boolean

\n

Whether the rule is included by default

\n
\n \n
\n
\n
\n
\n
\n

description

\n
\n

string

\n

The description of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

disabled

\n
\n

[string]

\n

The disabled policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

enabled

\n
\n

boolean

\n

Whether the Agent rule is enabled

\n
\n \n
\n
\n
\n
\n
\n

expression

\n
\n

string

\n

The SECL expression of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

filters

\n
\n

[string]

\n

The platforms the Agent rule is supported on

\n
\n \n
\n
\n
\n
\n
\n

monitoring

\n
\n

[string]

\n

The monitoring policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

product_tags

\n
\n

[string]

\n

The list of product tags associated with the rule

\n
\n \n
\n
\n
\n
\n
\n

updateAuthorUuId

\n
\n

string

\n

The ID of the user who updated the rule

\n
\n \n
\n
\n
\n
\n
\n

updateDate

\n
\n

int64

\n

Timestamp in milliseconds when the Agent rule was last updated

\n
\n \n
\n
\n
\n
\n
\n

updatedAt

\n
\n

int64

\n

When the Agent rule was last updated, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

updater

\n
\n

object

\n

The attributes of the user who last updated the Agent rule

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

version

\n
\n

int64

\n

The version of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

id

\n
\n

string

\n

The ID of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

type

\n
\n

enum

\n

The type of the resource, must always be agent_rule \nAllowed enum values: agent_rule

default: agent_rule

\n
\n \n
\n
\n
\n
" }, "400": { "json": { @@ -1094,6 +1102,7 @@ "actions": [ { "filter": "string", + "hash": {}, "kill": { "signal": "string" }, @@ -1127,7 +1136,7 @@ "type": "agent_rule" } }, - "html": "
\n
\n
\n
\n

data [required]

\n
\n

object

\n

Object for a single Agent rule

\n
\n
\n
\n
\n
\n

attributes [required]

\n
\n

object

\n

Create a new Cloud Workload Security Agent rule.

\n
\n
\n
\n
\n
\n

actions

\n
\n

[object]

\n

The array of actions the rule can perform if triggered

\n
\n
\n
\n
\n
\n

filter

\n
\n

string

\n

SECL expression used to target the container to apply the action on

\n
\n \n
\n
\n
\n
\n
\n

kill

\n
\n

object

\n

Kill system call applied on the container matching the rule

\n
\n
\n
\n
\n
\n

signal

\n
\n

string

\n

Supported signals for the kill system call

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

metadata

\n
\n

object

\n

The metadata action applied on the scope matching the rule

\n
\n
\n
\n
\n
\n

image_tag

\n
\n

string

\n

The image tag of the metadata action

\n
\n \n
\n
\n
\n
\n
\n

service

\n
\n

string

\n

The service of the metadata action

\n
\n \n
\n
\n
\n
\n
\n

short_image

\n
\n

string

\n

The short image of the metadata action

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

set

\n
\n

object

\n

The set action applied on the scope matching the rule

\n
\n
\n
\n
\n
\n

append

\n
\n

boolean

\n

Whether the value should be appended to the field

\n
\n \n
\n
\n
\n
\n
\n

field

\n
\n

string

\n

The field of the set action

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the set action

\n
\n \n
\n
\n
\n
\n
\n

scope

\n
\n

string

\n

The scope of the set action

\n
\n \n
\n
\n
\n
\n
\n

size

\n
\n

int64

\n

The size of the set action

\n
\n \n
\n
\n
\n
\n
\n

ttl

\n
\n

int64

\n

The time to live of the set action

\n
\n \n
\n
\n
\n
\n
\n

value

\n
\n

string

\n

The value of the set action

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n

blocking

\n
\n

[string]

\n

The blocking policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

description

\n
\n

string

\n

The description of the Agent rule.

\n
\n \n
\n
\n
\n
\n
\n

disabled

\n
\n

[string]

\n

The disabled policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

enabled

\n
\n

boolean

\n

Whether the Agent rule is enabled

\n
\n \n
\n
\n
\n
\n
\n

expression [required]

\n
\n

string

\n

The SECL expression of the Agent rule.

\n
\n \n
\n
\n
\n
\n
\n

filters

\n
\n

[string]

\n

The platforms the Agent rule is supported on

\n
\n \n
\n
\n
\n
\n
\n

monitoring

\n
\n

[string]

\n

The monitoring policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

name [required]

\n
\n

string

\n

The name of the Agent rule.

\n
\n \n
\n
\n
\n
\n
\n

policy_id

\n
\n

string

\n

The ID of the policy where the Agent rule is saved

\n
\n \n
\n
\n
\n
\n
\n

product_tags

\n
\n

[string]

\n

The list of product tags associated with the rule

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

type [required]

\n
\n

enum

\n

The type of the resource, must always be agent_rule \nAllowed enum values: agent_rule

default: agent_rule

\n
\n \n
\n
\n
\n
" + "html": "
\n
\n
\n
\n

data [required]

\n
\n

object

\n

Object for a single Agent rule

\n
\n
\n
\n
\n
\n

attributes [required]

\n
\n

object

\n

Create a new Cloud Workload Security Agent rule.

\n
\n
\n
\n
\n
\n

actions

\n
\n

[object]

\n

The array of actions the rule can perform if triggered

\n
\n
\n
\n
\n
\n

filter

\n
\n

string

\n

SECL expression used to target the container to apply the action on

\n
\n \n
\n
\n
\n
\n
\n

hash

\n
\n

object

\n

An empty object indicating the hash action

\n
\n \n
\n
\n
\n
\n
\n

kill

\n
\n

object

\n

Kill system call applied on the container matching the rule

\n
\n
\n
\n
\n
\n

signal

\n
\n

string

\n

Supported signals for the kill system call

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

metadata

\n
\n

object

\n

The metadata action applied on the scope matching the rule

\n
\n
\n
\n
\n
\n

image_tag

\n
\n

string

\n

The image tag of the metadata action

\n
\n \n
\n
\n
\n
\n
\n

service

\n
\n

string

\n

The service of the metadata action

\n
\n \n
\n
\n
\n
\n
\n

short_image

\n
\n

string

\n

The short image of the metadata action

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

set

\n
\n

object

\n

The set action applied on the scope matching the rule

\n
\n
\n
\n
\n
\n

append

\n
\n

boolean

\n

Whether the value should be appended to the field

\n
\n \n
\n
\n
\n
\n
\n

field

\n
\n

string

\n

The field of the set action

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the set action

\n
\n \n
\n
\n
\n
\n
\n

scope

\n
\n

string

\n

The scope of the set action

\n
\n \n
\n
\n
\n
\n
\n

size

\n
\n

int64

\n

The size of the set action

\n
\n \n
\n
\n
\n
\n
\n

ttl

\n
\n

int64

\n

The time to live of the set action

\n
\n \n
\n
\n
\n
\n
\n

value

\n
\n

string

\n

The value of the set action

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n

blocking

\n
\n

[string]

\n

The blocking policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

description

\n
\n

string

\n

The description of the Agent rule.

\n
\n \n
\n
\n
\n
\n
\n

disabled

\n
\n

[string]

\n

The disabled policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

enabled

\n
\n

boolean

\n

Whether the Agent rule is enabled

\n
\n \n
\n
\n
\n
\n
\n

expression [required]

\n
\n

string

\n

The SECL expression of the Agent rule.

\n
\n \n
\n
\n
\n
\n
\n

filters

\n
\n

[string]

\n

The platforms the Agent rule is supported on

\n
\n \n
\n
\n
\n
\n
\n

monitoring

\n
\n

[string]

\n

The monitoring policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

name [required]

\n
\n

string

\n

The name of the Agent rule.

\n
\n \n
\n
\n
\n
\n
\n

policy_id

\n
\n

string

\n

The ID of the policy where the Agent rule is saved

\n
\n \n
\n
\n
\n
\n
\n

product_tags

\n
\n

[string]

\n

The list of product tags associated with the rule

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

type [required]

\n
\n

enum

\n

The type of the resource, must always be agent_rule \nAllowed enum values: agent_rule

default: agent_rule

\n
\n \n
\n
\n
\n
" } }, "DeleteCloudWorkloadSecurityAgentRule": { @@ -1172,6 +1181,7 @@ "actions": [ { "filter": "string", + "hash": {}, "kill": { "signal": "string" }, @@ -1222,7 +1232,7 @@ "type": "agent_rule" } }, - "html": "
\n
\n
\n
\n

data

\n
\n

object

\n

Object for a single Agent rule

\n
\n
\n
\n
\n
\n

attributes

\n
\n

object

\n

A Cloud Workload Security Agent rule returned by the API

\n
\n
\n
\n
\n
\n

actions

\n
\n

[object]

\n

The array of actions the rule can perform if triggered

\n
\n
\n
\n
\n
\n

filter

\n
\n

string

\n

SECL expression used to target the container to apply the action on

\n
\n \n
\n
\n
\n
\n
\n

kill

\n
\n

object

\n

Kill system call applied on the container matching the rule

\n
\n
\n
\n
\n
\n

signal

\n
\n

string

\n

Supported signals for the kill system call

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

metadata

\n
\n

object

\n

The metadata action applied on the scope matching the rule

\n
\n
\n
\n
\n
\n

image_tag

\n
\n

string

\n

The image tag of the metadata action

\n
\n \n
\n
\n
\n
\n
\n

service

\n
\n

string

\n

The service of the metadata action

\n
\n \n
\n
\n
\n
\n
\n

short_image

\n
\n

string

\n

The short image of the metadata action

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

set

\n
\n

object

\n

The set action applied on the scope matching the rule

\n
\n
\n
\n
\n
\n

append

\n
\n

boolean

\n

Whether the value should be appended to the field

\n
\n \n
\n
\n
\n
\n
\n

field

\n
\n

string

\n

The field of the set action

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the set action

\n
\n \n
\n
\n
\n
\n
\n

scope

\n
\n

string

\n

The scope of the set action

\n
\n \n
\n
\n
\n
\n
\n

size

\n
\n

int64

\n

The size of the set action

\n
\n \n
\n
\n
\n
\n
\n

ttl

\n
\n

int64

\n

The time to live of the set action

\n
\n \n
\n
\n
\n
\n
\n

value

\n
\n

string

\n

The value of the set action

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n

agentConstraint

\n
\n

string

\n

The version of the Agent

\n
\n \n
\n
\n
\n
\n
\n

blocking

\n
\n

[string]

\n

The blocking policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

category

\n
\n

string

\n

The category of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

creationAuthorUuId

\n
\n

string

\n

The ID of the user who created the rule

\n
\n \n
\n
\n
\n
\n
\n

creationDate

\n
\n

int64

\n

When the Agent rule was created, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

creator

\n
\n

object

\n

The attributes of the user who created the Agent rule

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

defaultRule

\n
\n

boolean

\n

Whether the rule is included by default

\n
\n \n
\n
\n
\n
\n
\n

description

\n
\n

string

\n

The description of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

disabled

\n
\n

[string]

\n

The disabled policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

enabled

\n
\n

boolean

\n

Whether the Agent rule is enabled

\n
\n \n
\n
\n
\n
\n
\n

expression

\n
\n

string

\n

The SECL expression of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

filters

\n
\n

[string]

\n

The platforms the Agent rule is supported on

\n
\n \n
\n
\n
\n
\n
\n

monitoring

\n
\n

[string]

\n

The monitoring policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

product_tags

\n
\n

[string]

\n

The list of product tags associated with the rule

\n
\n \n
\n
\n
\n
\n
\n

updateAuthorUuId

\n
\n

string

\n

The ID of the user who updated the rule

\n
\n \n
\n
\n
\n
\n
\n

updateDate

\n
\n

int64

\n

Timestamp in milliseconds when the Agent rule was last updated

\n
\n \n
\n
\n
\n
\n
\n

updatedAt

\n
\n

int64

\n

When the Agent rule was last updated, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

updater

\n
\n

object

\n

The attributes of the user who last updated the Agent rule

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

version

\n
\n

int64

\n

The version of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

id

\n
\n

string

\n

The ID of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

type

\n
\n

enum

\n

The type of the resource, must always be agent_rule \nAllowed enum values: agent_rule

default: agent_rule

\n
\n \n
\n
\n
\n
" + "html": "
\n
\n
\n
\n

data

\n
\n

object

\n

Object for a single Agent rule

\n
\n
\n
\n
\n
\n

attributes

\n
\n

object

\n

A Cloud Workload Security Agent rule returned by the API

\n
\n
\n
\n
\n
\n

actions

\n
\n

[object]

\n

The array of actions the rule can perform if triggered

\n
\n
\n
\n
\n
\n

filter

\n
\n

string

\n

SECL expression used to target the container to apply the action on

\n
\n \n
\n
\n
\n
\n
\n

hash

\n
\n

object

\n

An empty object indicating the hash action

\n
\n \n
\n
\n
\n
\n
\n

kill

\n
\n

object

\n

Kill system call applied on the container matching the rule

\n
\n
\n
\n
\n
\n

signal

\n
\n

string

\n

Supported signals for the kill system call

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

metadata

\n
\n

object

\n

The metadata action applied on the scope matching the rule

\n
\n
\n
\n
\n
\n

image_tag

\n
\n

string

\n

The image tag of the metadata action

\n
\n \n
\n
\n
\n
\n
\n

service

\n
\n

string

\n

The service of the metadata action

\n
\n \n
\n
\n
\n
\n
\n

short_image

\n
\n

string

\n

The short image of the metadata action

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

set

\n
\n

object

\n

The set action applied on the scope matching the rule

\n
\n
\n
\n
\n
\n

append

\n
\n

boolean

\n

Whether the value should be appended to the field

\n
\n \n
\n
\n
\n
\n
\n

field

\n
\n

string

\n

The field of the set action

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the set action

\n
\n \n
\n
\n
\n
\n
\n

scope

\n
\n

string

\n

The scope of the set action

\n
\n \n
\n
\n
\n
\n
\n

size

\n
\n

int64

\n

The size of the set action

\n
\n \n
\n
\n
\n
\n
\n

ttl

\n
\n

int64

\n

The time to live of the set action

\n
\n \n
\n
\n
\n
\n
\n

value

\n
\n

string

\n

The value of the set action

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n

agentConstraint

\n
\n

string

\n

The version of the Agent

\n
\n \n
\n
\n
\n
\n
\n

blocking

\n
\n

[string]

\n

The blocking policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

category

\n
\n

string

\n

The category of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

creationAuthorUuId

\n
\n

string

\n

The ID of the user who created the rule

\n
\n \n
\n
\n
\n
\n
\n

creationDate

\n
\n

int64

\n

When the Agent rule was created, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

creator

\n
\n

object

\n

The attributes of the user who created the Agent rule

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

defaultRule

\n
\n

boolean

\n

Whether the rule is included by default

\n
\n \n
\n
\n
\n
\n
\n

description

\n
\n

string

\n

The description of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

disabled

\n
\n

[string]

\n

The disabled policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

enabled

\n
\n

boolean

\n

Whether the Agent rule is enabled

\n
\n \n
\n
\n
\n
\n
\n

expression

\n
\n

string

\n

The SECL expression of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

filters

\n
\n

[string]

\n

The platforms the Agent rule is supported on

\n
\n \n
\n
\n
\n
\n
\n

monitoring

\n
\n

[string]

\n

The monitoring policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

product_tags

\n
\n

[string]

\n

The list of product tags associated with the rule

\n
\n \n
\n
\n
\n
\n
\n

updateAuthorUuId

\n
\n

string

\n

The ID of the user who updated the rule

\n
\n \n
\n
\n
\n
\n
\n

updateDate

\n
\n

int64

\n

Timestamp in milliseconds when the Agent rule was last updated

\n
\n \n
\n
\n
\n
\n
\n

updatedAt

\n
\n

int64

\n

When the Agent rule was last updated, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

updater

\n
\n

object

\n

The attributes of the user who last updated the Agent rule

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

version

\n
\n

int64

\n

The version of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

id

\n
\n

string

\n

The ID of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

type

\n
\n

enum

\n

The type of the resource, must always be agent_rule \nAllowed enum values: agent_rule

default: agent_rule

\n
\n \n
\n
\n
\n
" }, "403": { "json": { @@ -1264,6 +1274,7 @@ "actions": [ { "filter": "string", + "hash": {}, "kill": { "signal": "string" }, @@ -1314,7 +1325,7 @@ "type": "agent_rule" } }, - "html": "
\n
\n
\n
\n

data

\n
\n

object

\n

Object for a single Agent rule

\n
\n
\n
\n
\n
\n

attributes

\n
\n

object

\n

A Cloud Workload Security Agent rule returned by the API

\n
\n
\n
\n
\n
\n

actions

\n
\n

[object]

\n

The array of actions the rule can perform if triggered

\n
\n
\n
\n
\n
\n

filter

\n
\n

string

\n

SECL expression used to target the container to apply the action on

\n
\n \n
\n
\n
\n
\n
\n

kill

\n
\n

object

\n

Kill system call applied on the container matching the rule

\n
\n
\n
\n
\n
\n

signal

\n
\n

string

\n

Supported signals for the kill system call

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

metadata

\n
\n

object

\n

The metadata action applied on the scope matching the rule

\n
\n
\n
\n
\n
\n

image_tag

\n
\n

string

\n

The image tag of the metadata action

\n
\n \n
\n
\n
\n
\n
\n

service

\n
\n

string

\n

The service of the metadata action

\n
\n \n
\n
\n
\n
\n
\n

short_image

\n
\n

string

\n

The short image of the metadata action

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

set

\n
\n

object

\n

The set action applied on the scope matching the rule

\n
\n
\n
\n
\n
\n

append

\n
\n

boolean

\n

Whether the value should be appended to the field

\n
\n \n
\n
\n
\n
\n
\n

field

\n
\n

string

\n

The field of the set action

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the set action

\n
\n \n
\n
\n
\n
\n
\n

scope

\n
\n

string

\n

The scope of the set action

\n
\n \n
\n
\n
\n
\n
\n

size

\n
\n

int64

\n

The size of the set action

\n
\n \n
\n
\n
\n
\n
\n

ttl

\n
\n

int64

\n

The time to live of the set action

\n
\n \n
\n
\n
\n
\n
\n

value

\n
\n

string

\n

The value of the set action

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n

agentConstraint

\n
\n

string

\n

The version of the Agent

\n
\n \n
\n
\n
\n
\n
\n

blocking

\n
\n

[string]

\n

The blocking policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

category

\n
\n

string

\n

The category of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

creationAuthorUuId

\n
\n

string

\n

The ID of the user who created the rule

\n
\n \n
\n
\n
\n
\n
\n

creationDate

\n
\n

int64

\n

When the Agent rule was created, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

creator

\n
\n

object

\n

The attributes of the user who created the Agent rule

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

defaultRule

\n
\n

boolean

\n

Whether the rule is included by default

\n
\n \n
\n
\n
\n
\n
\n

description

\n
\n

string

\n

The description of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

disabled

\n
\n

[string]

\n

The disabled policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

enabled

\n
\n

boolean

\n

Whether the Agent rule is enabled

\n
\n \n
\n
\n
\n
\n
\n

expression

\n
\n

string

\n

The SECL expression of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

filters

\n
\n

[string]

\n

The platforms the Agent rule is supported on

\n
\n \n
\n
\n
\n
\n
\n

monitoring

\n
\n

[string]

\n

The monitoring policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

product_tags

\n
\n

[string]

\n

The list of product tags associated with the rule

\n
\n \n
\n
\n
\n
\n
\n

updateAuthorUuId

\n
\n

string

\n

The ID of the user who updated the rule

\n
\n \n
\n
\n
\n
\n
\n

updateDate

\n
\n

int64

\n

Timestamp in milliseconds when the Agent rule was last updated

\n
\n \n
\n
\n
\n
\n
\n

updatedAt

\n
\n

int64

\n

When the Agent rule was last updated, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

updater

\n
\n

object

\n

The attributes of the user who last updated the Agent rule

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

version

\n
\n

int64

\n

The version of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

id

\n
\n

string

\n

The ID of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

type

\n
\n

enum

\n

The type of the resource, must always be agent_rule \nAllowed enum values: agent_rule

default: agent_rule

\n
\n \n
\n
\n
\n
" + "html": "
\n
\n
\n
\n

data

\n
\n

object

\n

Object for a single Agent rule

\n
\n
\n
\n
\n
\n

attributes

\n
\n

object

\n

A Cloud Workload Security Agent rule returned by the API

\n
\n
\n
\n
\n
\n

actions

\n
\n

[object]

\n

The array of actions the rule can perform if triggered

\n
\n
\n
\n
\n
\n

filter

\n
\n

string

\n

SECL expression used to target the container to apply the action on

\n
\n \n
\n
\n
\n
\n
\n

hash

\n
\n

object

\n

An empty object indicating the hash action

\n
\n \n
\n
\n
\n
\n
\n

kill

\n
\n

object

\n

Kill system call applied on the container matching the rule

\n
\n
\n
\n
\n
\n

signal

\n
\n

string

\n

Supported signals for the kill system call

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

metadata

\n
\n

object

\n

The metadata action applied on the scope matching the rule

\n
\n
\n
\n
\n
\n

image_tag

\n
\n

string

\n

The image tag of the metadata action

\n
\n \n
\n
\n
\n
\n
\n

service

\n
\n

string

\n

The service of the metadata action

\n
\n \n
\n
\n
\n
\n
\n

short_image

\n
\n

string

\n

The short image of the metadata action

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

set

\n
\n

object

\n

The set action applied on the scope matching the rule

\n
\n
\n
\n
\n
\n

append

\n
\n

boolean

\n

Whether the value should be appended to the field

\n
\n \n
\n
\n
\n
\n
\n

field

\n
\n

string

\n

The field of the set action

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the set action

\n
\n \n
\n
\n
\n
\n
\n

scope

\n
\n

string

\n

The scope of the set action

\n
\n \n
\n
\n
\n
\n
\n

size

\n
\n

int64

\n

The size of the set action

\n
\n \n
\n
\n
\n
\n
\n

ttl

\n
\n

int64

\n

The time to live of the set action

\n
\n \n
\n
\n
\n
\n
\n

value

\n
\n

string

\n

The value of the set action

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n

agentConstraint

\n
\n

string

\n

The version of the Agent

\n
\n \n
\n
\n
\n
\n
\n

blocking

\n
\n

[string]

\n

The blocking policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

category

\n
\n

string

\n

The category of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

creationAuthorUuId

\n
\n

string

\n

The ID of the user who created the rule

\n
\n \n
\n
\n
\n
\n
\n

creationDate

\n
\n

int64

\n

When the Agent rule was created, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

creator

\n
\n

object

\n

The attributes of the user who created the Agent rule

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

defaultRule

\n
\n

boolean

\n

Whether the rule is included by default

\n
\n \n
\n
\n
\n
\n
\n

description

\n
\n

string

\n

The description of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

disabled

\n
\n

[string]

\n

The disabled policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

enabled

\n
\n

boolean

\n

Whether the Agent rule is enabled

\n
\n \n
\n
\n
\n
\n
\n

expression

\n
\n

string

\n

The SECL expression of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

filters

\n
\n

[string]

\n

The platforms the Agent rule is supported on

\n
\n \n
\n
\n
\n
\n
\n

monitoring

\n
\n

[string]

\n

The monitoring policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

product_tags

\n
\n

[string]

\n

The list of product tags associated with the rule

\n
\n \n
\n
\n
\n
\n
\n

updateAuthorUuId

\n
\n

string

\n

The ID of the user who updated the rule

\n
\n \n
\n
\n
\n
\n
\n

updateDate

\n
\n

int64

\n

Timestamp in milliseconds when the Agent rule was last updated

\n
\n \n
\n
\n
\n
\n
\n

updatedAt

\n
\n

int64

\n

When the Agent rule was last updated, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

updater

\n
\n

object

\n

The attributes of the user who last updated the Agent rule

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

version

\n
\n

int64

\n

The version of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

id

\n
\n

string

\n

The ID of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

type

\n
\n

enum

\n

The type of the resource, must always be agent_rule \nAllowed enum values: agent_rule

default: agent_rule

\n
\n \n
\n
\n
\n
" }, "400": { "json": { @@ -1370,6 +1381,7 @@ "actions": [ { "filter": "string", + "hash": {}, "kill": { "signal": "string" }, @@ -1402,7 +1414,7 @@ "type": "agent_rule" } }, - "html": "
\n
\n
\n
\n

data [required]

\n
\n

object

\n

Object for a single Agent rule

\n
\n
\n
\n
\n
\n

attributes [required]

\n
\n

object

\n

Update an existing Cloud Workload Security Agent rule

\n
\n
\n
\n
\n
\n

actions

\n
\n

[object]

\n

The array of actions the rule can perform if triggered

\n
\n
\n
\n
\n
\n

filter

\n
\n

string

\n

SECL expression used to target the container to apply the action on

\n
\n \n
\n
\n
\n
\n
\n

kill

\n
\n

object

\n

Kill system call applied on the container matching the rule

\n
\n
\n
\n
\n
\n

signal

\n
\n

string

\n

Supported signals for the kill system call

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

metadata

\n
\n

object

\n

The metadata action applied on the scope matching the rule

\n
\n
\n
\n
\n
\n

image_tag

\n
\n

string

\n

The image tag of the metadata action

\n
\n \n
\n
\n
\n
\n
\n

service

\n
\n

string

\n

The service of the metadata action

\n
\n \n
\n
\n
\n
\n
\n

short_image

\n
\n

string

\n

The short image of the metadata action

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

set

\n
\n

object

\n

The set action applied on the scope matching the rule

\n
\n
\n
\n
\n
\n

append

\n
\n

boolean

\n

Whether the value should be appended to the field

\n
\n \n
\n
\n
\n
\n
\n

field

\n
\n

string

\n

The field of the set action

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the set action

\n
\n \n
\n
\n
\n
\n
\n

scope

\n
\n

string

\n

The scope of the set action

\n
\n \n
\n
\n
\n
\n
\n

size

\n
\n

int64

\n

The size of the set action

\n
\n \n
\n
\n
\n
\n
\n

ttl

\n
\n

int64

\n

The time to live of the set action

\n
\n \n
\n
\n
\n
\n
\n

value

\n
\n

string

\n

The value of the set action

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n

blocking

\n
\n

[string]

\n

The blocking policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

description

\n
\n

string

\n

The description of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

disabled

\n
\n

[string]

\n

The disabled policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

enabled

\n
\n

boolean

\n

Whether the Agent rule is enabled

\n
\n \n
\n
\n
\n
\n
\n

expression

\n
\n

string

\n

The SECL expression of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

monitoring

\n
\n

[string]

\n

The monitoring policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

policy_id

\n
\n

string

\n

The ID of the policy where the Agent rule is saved

\n
\n \n
\n
\n
\n
\n
\n

product_tags

\n
\n

[string]

\n

The list of product tags associated with the rule

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

id

\n
\n

string

\n

The ID of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

type [required]

\n
\n

enum

\n

The type of the resource, must always be agent_rule \nAllowed enum values: agent_rule

default: agent_rule

\n
\n \n
\n
\n
\n
" + "html": "
\n
\n
\n
\n

data [required]

\n
\n

object

\n

Object for a single Agent rule

\n
\n
\n
\n
\n
\n

attributes [required]

\n
\n

object

\n

Update an existing Cloud Workload Security Agent rule

\n
\n
\n
\n
\n
\n

actions

\n
\n

[object]

\n

The array of actions the rule can perform if triggered

\n
\n
\n
\n
\n
\n

filter

\n
\n

string

\n

SECL expression used to target the container to apply the action on

\n
\n \n
\n
\n
\n
\n
\n

hash

\n
\n

object

\n

An empty object indicating the hash action

\n
\n \n
\n
\n
\n
\n
\n

kill

\n
\n

object

\n

Kill system call applied on the container matching the rule

\n
\n
\n
\n
\n
\n

signal

\n
\n

string

\n

Supported signals for the kill system call

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

metadata

\n
\n

object

\n

The metadata action applied on the scope matching the rule

\n
\n
\n
\n
\n
\n

image_tag

\n
\n

string

\n

The image tag of the metadata action

\n
\n \n
\n
\n
\n
\n
\n

service

\n
\n

string

\n

The service of the metadata action

\n
\n \n
\n
\n
\n
\n
\n

short_image

\n
\n

string

\n

The short image of the metadata action

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

set

\n
\n

object

\n

The set action applied on the scope matching the rule

\n
\n
\n
\n
\n
\n

append

\n
\n

boolean

\n

Whether the value should be appended to the field

\n
\n \n
\n
\n
\n
\n
\n

field

\n
\n

string

\n

The field of the set action

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the set action

\n
\n \n
\n
\n
\n
\n
\n

scope

\n
\n

string

\n

The scope of the set action

\n
\n \n
\n
\n
\n
\n
\n

size

\n
\n

int64

\n

The size of the set action

\n
\n \n
\n
\n
\n
\n
\n

ttl

\n
\n

int64

\n

The time to live of the set action

\n
\n \n
\n
\n
\n
\n
\n

value

\n
\n

string

\n

The value of the set action

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n

blocking

\n
\n

[string]

\n

The blocking policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

description

\n
\n

string

\n

The description of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

disabled

\n
\n

[string]

\n

The disabled policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

enabled

\n
\n

boolean

\n

Whether the Agent rule is enabled

\n
\n \n
\n
\n
\n
\n
\n

expression

\n
\n

string

\n

The SECL expression of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

monitoring

\n
\n

[string]

\n

The monitoring policies that the rule belongs to

\n
\n \n
\n
\n
\n
\n
\n

policy_id

\n
\n

string

\n

The ID of the policy where the Agent rule is saved

\n
\n \n
\n
\n
\n
\n
\n

product_tags

\n
\n

[string]

\n

The list of product tags associated with the rule

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

id

\n
\n

string

\n

The ID of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

type [required]

\n
\n

enum

\n

The type of the resource, must always be agent_rule \nAllowed enum values: agent_rule

default: agent_rule

\n
\n \n
\n
\n
\n
" } } } \ No newline at end of file diff --git a/content/en/api/v2/csm-threats/request.CreateCSMThreatsAgentRule_1295653933.json b/content/en/api/v2/csm-threats/request.CreateCSMThreatsAgentRule_1295653933.json index 4b2457526e908..ba486a37fd1e8 100644 --- a/content/en/api/v2/csm-threats/request.CreateCSMThreatsAgentRule_1295653933.json +++ b/content/en/api/v2/csm-threats/request.CreateCSMThreatsAgentRule_1295653933.json @@ -15,6 +15,9 @@ "value": "test_value", "scope": "process" } + }, + { + "hash": {} } ] }, diff --git a/data/api/v2/full_spec.yaml b/data/api/v2/full_spec.yaml index 4d5e60050cb34..ae9ad30fc8df8 100644 --- a/data/api/v2/full_spec.yaml +++ b/data/api/v2/full_spec.yaml @@ -7595,6 +7595,8 @@ components: description: SECL expression used to target the container to apply the action on type: string + hash: + $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleActionHash' kill: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleKill' metadata: @@ -7602,6 +7604,10 @@ components: set: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleActionSet' type: object + CloudWorkloadSecurityAgentRuleActionHash: + additionalProperties: {} + description: An empty object indicating the hash action + type: object CloudWorkloadSecurityAgentRuleActionMetadata: description: The metadata action applied on the scope matching the rule properties: @@ -57035,8 +57041,8 @@ paths: \"My Agent rule\",\n \"expression\": \"exec.file.name == \\\"sh\\\"\",\n \ \"enabled\": true,\n \"product_tags\": [\"security:attack\", \"technique:T1059\"],\n \"actions\": [{\"set\": {\"name\": \"test_set\", - \"value\": \"test_value\", \"scope\": \"process\"}}],\n \"policy_id\": - \"{{ policy.data.id }}\"\n }\n }\n}" + \"value\": \"test_value\", \"scope\": \"process\"}}, {\"hash\": {}}],\n + \ \"policy_id\": \"{{ policy.data.id }}\"\n }\n }\n}" step: there is a valid "agent_rule_rc" in the system x-menu-order: 3 x-undo: diff --git a/data/api/v2/full_spec_deref.json b/data/api/v2/full_spec_deref.json index dde8507fb153c..0ac72eb43f45d 100644 --- a/data/api/v2/full_spec_deref.json +++ b/data/api/v2/full_spec_deref.json @@ -42751,6 +42751,11 @@ "description": "SECL expression used to target the container to apply the action on", "type": "string" }, + "hash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "kill": { "description": "Kill system call applied on the container matching the rule", "properties": { @@ -42818,6 +42823,11 @@ }, "type": "object" }, + "CloudWorkloadSecurityAgentRuleActionHash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "CloudWorkloadSecurityAgentRuleActionMetadata": { "description": "The metadata action applied on the scope matching the rule", "properties": { @@ -42881,6 +42891,11 @@ "description": "SECL expression used to target the container to apply the action on", "type": "string" }, + "hash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "kill": { "description": "Kill system call applied on the container matching the rule", "properties": { @@ -42963,6 +42978,11 @@ "description": "SECL expression used to target the container to apply the action on", "type": "string" }, + "hash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "kill": { "description": "Kill system call applied on the container matching the rule", "properties": { @@ -43185,6 +43205,11 @@ "description": "SECL expression used to target the container to apply the action on", "type": "string" }, + "hash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "kill": { "description": "Kill system call applied on the container matching the rule", "properties": { @@ -43337,6 +43362,11 @@ "description": "SECL expression used to target the container to apply the action on", "type": "string" }, + "hash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "kill": { "description": "Kill system call applied on the container matching the rule", "properties": { @@ -43511,6 +43541,11 @@ "description": "SECL expression used to target the container to apply the action on", "type": "string" }, + "hash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "kill": { "description": "Kill system call applied on the container matching the rule", "properties": { @@ -43705,6 +43740,11 @@ "description": "SECL expression used to target the container to apply the action on", "type": "string" }, + "hash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "kill": { "description": "Kill system call applied on the container matching the rule", "properties": { @@ -43968,6 +44008,11 @@ "description": "SECL expression used to target the container to apply the action on", "type": "string" }, + "hash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "kill": { "description": "Kill system call applied on the container matching the rule", "properties": { @@ -44225,6 +44270,11 @@ "description": "SECL expression used to target the container to apply the action on", "type": "string" }, + "hash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "kill": { "description": "Kill system call applied on the container matching the rule", "properties": { @@ -44361,6 +44411,11 @@ "description": "SECL expression used to target the container to apply the action on", "type": "string" }, + "hash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "kill": { "description": "Kill system call applied on the container matching the rule", "properties": { @@ -44524,6 +44579,11 @@ "description": "SECL expression used to target the container to apply the action on", "type": "string" }, + "hash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "kill": { "description": "Kill system call applied on the container matching the rule", "properties": { @@ -44712,6 +44772,11 @@ "description": "SECL expression used to target the container to apply the action on", "type": "string" }, + "hash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "kill": { "description": "Kill system call applied on the container matching the rule", "properties": { @@ -447501,6 +447566,11 @@ "description": "SECL expression used to target the container to apply the action on", "type": "string" }, + "hash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "kill": { "description": "Kill system call applied on the container matching the rule", "properties": { @@ -447830,6 +447900,11 @@ "description": "SECL expression used to target the container to apply the action on", "type": "string" }, + "hash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "kill": { "description": "Kill system call applied on the container matching the rule", "properties": { @@ -448019,6 +448094,11 @@ "description": "SECL expression used to target the container to apply the action on", "type": "string" }, + "hash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "kill": { "description": "Kill system call applied on the container matching the rule", "properties": { @@ -448379,7 +448459,7 @@ "parameters": [ { "name": "body", - "value": "{\n \"data\": {\n \"type\": \"agent_rule\",\n \"attributes\": {\n \"name\": \"{{ unique_lower_alnum }}\",\n \"description\": \"My Agent rule\",\n \"expression\": \"exec.file.name == \\\"sh\\\"\",\n \"enabled\": true,\n \"product_tags\": [\"security:attack\", \"technique:T1059\"],\n \"actions\": [{\"set\": {\"name\": \"test_set\", \"value\": \"test_value\", \"scope\": \"process\"}}],\n \"policy_id\": \"{{ policy.data.id }}\"\n }\n }\n}" + "value": "{\n \"data\": {\n \"type\": \"agent_rule\",\n \"attributes\": {\n \"name\": \"{{ unique_lower_alnum }}\",\n \"description\": \"My Agent rule\",\n \"expression\": \"exec.file.name == \\\"sh\\\"\",\n \"enabled\": true,\n \"product_tags\": [\"security:attack\", \"technique:T1059\"],\n \"actions\": [{\"set\": {\"name\": \"test_set\", \"value\": \"test_value\", \"scope\": \"process\"}}, {\"hash\": {}}],\n \"policy_id\": \"{{ policy.data.id }}\"\n }\n }\n}" } ], "step": "there is a valid \"agent_rule_rc\" in the system" @@ -448569,6 +448649,11 @@ "description": "SECL expression used to target the container to apply the action on", "type": "string" }, + "hash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "kill": { "description": "Kill system call applied on the container matching the rule", "properties": { @@ -448946,6 +449031,11 @@ "description": "SECL expression used to target the container to apply the action on", "type": "string" }, + "hash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "kill": { "description": "Kill system call applied on the container matching the rule", "properties": { @@ -449124,6 +449214,11 @@ "description": "SECL expression used to target the container to apply the action on", "type": "string" }, + "hash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "kill": { "description": "Kill system call applied on the container matching the rule", "properties": { @@ -502498,6 +502593,11 @@ "description": "SECL expression used to target the container to apply the action on", "type": "string" }, + "hash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "kill": { "description": "Kill system call applied on the container matching the rule", "properties": { @@ -502833,6 +502933,11 @@ "description": "SECL expression used to target the container to apply the action on", "type": "string" }, + "hash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "kill": { "description": "Kill system call applied on the container matching the rule", "properties": { @@ -503022,6 +503127,11 @@ "description": "SECL expression used to target the container to apply the action on", "type": "string" }, + "hash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "kill": { "description": "Kill system call applied on the container matching the rule", "properties": { @@ -503564,6 +503674,11 @@ "description": "SECL expression used to target the container to apply the action on", "type": "string" }, + "hash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "kill": { "description": "Kill system call applied on the container matching the rule", "properties": { @@ -503937,6 +504052,11 @@ "description": "SECL expression used to target the container to apply the action on", "type": "string" }, + "hash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "kill": { "description": "Kill system call applied on the container matching the rule", "properties": { @@ -504115,6 +504235,11 @@ "description": "SECL expression used to target the container to apply the action on", "type": "string" }, + "hash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "kill": { "description": "Kill system call applied on the container matching the rule", "properties": { diff --git a/static/resources/json/full_spec_v2.json b/static/resources/json/full_spec_v2.json index dde8507fb153c..0ac72eb43f45d 100644 --- a/static/resources/json/full_spec_v2.json +++ b/static/resources/json/full_spec_v2.json @@ -42751,6 +42751,11 @@ "description": "SECL expression used to target the container to apply the action on", "type": "string" }, + "hash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "kill": { "description": "Kill system call applied on the container matching the rule", "properties": { @@ -42818,6 +42823,11 @@ }, "type": "object" }, + "CloudWorkloadSecurityAgentRuleActionHash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "CloudWorkloadSecurityAgentRuleActionMetadata": { "description": "The metadata action applied on the scope matching the rule", "properties": { @@ -42881,6 +42891,11 @@ "description": "SECL expression used to target the container to apply the action on", "type": "string" }, + "hash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "kill": { "description": "Kill system call applied on the container matching the rule", "properties": { @@ -42963,6 +42978,11 @@ "description": "SECL expression used to target the container to apply the action on", "type": "string" }, + "hash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "kill": { "description": "Kill system call applied on the container matching the rule", "properties": { @@ -43185,6 +43205,11 @@ "description": "SECL expression used to target the container to apply the action on", "type": "string" }, + "hash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "kill": { "description": "Kill system call applied on the container matching the rule", "properties": { @@ -43337,6 +43362,11 @@ "description": "SECL expression used to target the container to apply the action on", "type": "string" }, + "hash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "kill": { "description": "Kill system call applied on the container matching the rule", "properties": { @@ -43511,6 +43541,11 @@ "description": "SECL expression used to target the container to apply the action on", "type": "string" }, + "hash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "kill": { "description": "Kill system call applied on the container matching the rule", "properties": { @@ -43705,6 +43740,11 @@ "description": "SECL expression used to target the container to apply the action on", "type": "string" }, + "hash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "kill": { "description": "Kill system call applied on the container matching the rule", "properties": { @@ -43968,6 +44008,11 @@ "description": "SECL expression used to target the container to apply the action on", "type": "string" }, + "hash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "kill": { "description": "Kill system call applied on the container matching the rule", "properties": { @@ -44225,6 +44270,11 @@ "description": "SECL expression used to target the container to apply the action on", "type": "string" }, + "hash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "kill": { "description": "Kill system call applied on the container matching the rule", "properties": { @@ -44361,6 +44411,11 @@ "description": "SECL expression used to target the container to apply the action on", "type": "string" }, + "hash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "kill": { "description": "Kill system call applied on the container matching the rule", "properties": { @@ -44524,6 +44579,11 @@ "description": "SECL expression used to target the container to apply the action on", "type": "string" }, + "hash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "kill": { "description": "Kill system call applied on the container matching the rule", "properties": { @@ -44712,6 +44772,11 @@ "description": "SECL expression used to target the container to apply the action on", "type": "string" }, + "hash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "kill": { "description": "Kill system call applied on the container matching the rule", "properties": { @@ -447501,6 +447566,11 @@ "description": "SECL expression used to target the container to apply the action on", "type": "string" }, + "hash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "kill": { "description": "Kill system call applied on the container matching the rule", "properties": { @@ -447830,6 +447900,11 @@ "description": "SECL expression used to target the container to apply the action on", "type": "string" }, + "hash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "kill": { "description": "Kill system call applied on the container matching the rule", "properties": { @@ -448019,6 +448094,11 @@ "description": "SECL expression used to target the container to apply the action on", "type": "string" }, + "hash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "kill": { "description": "Kill system call applied on the container matching the rule", "properties": { @@ -448379,7 +448459,7 @@ "parameters": [ { "name": "body", - "value": "{\n \"data\": {\n \"type\": \"agent_rule\",\n \"attributes\": {\n \"name\": \"{{ unique_lower_alnum }}\",\n \"description\": \"My Agent rule\",\n \"expression\": \"exec.file.name == \\\"sh\\\"\",\n \"enabled\": true,\n \"product_tags\": [\"security:attack\", \"technique:T1059\"],\n \"actions\": [{\"set\": {\"name\": \"test_set\", \"value\": \"test_value\", \"scope\": \"process\"}}],\n \"policy_id\": \"{{ policy.data.id }}\"\n }\n }\n}" + "value": "{\n \"data\": {\n \"type\": \"agent_rule\",\n \"attributes\": {\n \"name\": \"{{ unique_lower_alnum }}\",\n \"description\": \"My Agent rule\",\n \"expression\": \"exec.file.name == \\\"sh\\\"\",\n \"enabled\": true,\n \"product_tags\": [\"security:attack\", \"technique:T1059\"],\n \"actions\": [{\"set\": {\"name\": \"test_set\", \"value\": \"test_value\", \"scope\": \"process\"}}, {\"hash\": {}}],\n \"policy_id\": \"{{ policy.data.id }}\"\n }\n }\n}" } ], "step": "there is a valid \"agent_rule_rc\" in the system" @@ -448569,6 +448649,11 @@ "description": "SECL expression used to target the container to apply the action on", "type": "string" }, + "hash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "kill": { "description": "Kill system call applied on the container matching the rule", "properties": { @@ -448946,6 +449031,11 @@ "description": "SECL expression used to target the container to apply the action on", "type": "string" }, + "hash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "kill": { "description": "Kill system call applied on the container matching the rule", "properties": { @@ -449124,6 +449214,11 @@ "description": "SECL expression used to target the container to apply the action on", "type": "string" }, + "hash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "kill": { "description": "Kill system call applied on the container matching the rule", "properties": { @@ -502498,6 +502593,11 @@ "description": "SECL expression used to target the container to apply the action on", "type": "string" }, + "hash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "kill": { "description": "Kill system call applied on the container matching the rule", "properties": { @@ -502833,6 +502933,11 @@ "description": "SECL expression used to target the container to apply the action on", "type": "string" }, + "hash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "kill": { "description": "Kill system call applied on the container matching the rule", "properties": { @@ -503022,6 +503127,11 @@ "description": "SECL expression used to target the container to apply the action on", "type": "string" }, + "hash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "kill": { "description": "Kill system call applied on the container matching the rule", "properties": { @@ -503564,6 +503674,11 @@ "description": "SECL expression used to target the container to apply the action on", "type": "string" }, + "hash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "kill": { "description": "Kill system call applied on the container matching the rule", "properties": { @@ -503937,6 +504052,11 @@ "description": "SECL expression used to target the container to apply the action on", "type": "string" }, + "hash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "kill": { "description": "Kill system call applied on the container matching the rule", "properties": { @@ -504115,6 +504235,11 @@ "description": "SECL expression used to target the container to apply the action on", "type": "string" }, + "hash": { + "additionalProperties": {}, + "description": "An empty object indicating the hash action", + "type": "object" + }, "kill": { "description": "Kill system call applied on the container matching the rule", "properties": {