Edit MPE Rule

put

https://localhost:8501/lr-admin-api/mperules

It will edit a custom MPE Rule

Body Params

These fields will be used to edit and update a custom MPE Rule. This is a PUT end point so make sure to provide all the field values present in the request object. Felds whose value is not provided while sending the request, those fields will be updated with thier respective default values.

mpeRuleId

integer

required

MPERuleId is the Object Id stored in the database

msgSourceTypeId

array of integers

MsgSourceIds associated with a particular MPE Rule

msgSourceTypeId

regexTagged

string

Tagged regular expression. If backslash \ is required then use double backslash \\ to avoid error because backslash is a escape character.

ruleStatus

integer

enum

Defaults to 3

* 1 - Production
* 2 - Test
* 3 - Development

Allowed:

commonEventId

integer

required

CommonEventId

name

string

required

Name of MPE Rule

shortDesc

string

Description related to MPE Rule

mapTag1

string

MapTag1

mapTag2

string

MapTag2

mapTag3

string

MapTag3

mapTag4

string

MapTag4

mapTag5

string

MapTag5

mapTag6

string

MapTag6

mapTag7

string

MapTag7

mapTag8

string

MapTag8

mapTag9

string

MapTag9

mapTag10

string

MapTag10

mapVMId

string

MapVMId

mapSIP

string

MapSIP

mapDIP

string

MapDIP

mapSName

string

MapSName

mapDName

string

MapDName

mapSPort

string

MapSPort

mapDPort

string

MapDPort

mapProtocolId

string

MapProtocolId

mapLogin

string

MapLogin

mapAccount

string

MapAccount

mapGroup

string

MapGroup

mapDomain

string

MapDomain

mapSession

string

MapSession

mapProcess

string

MapProcess

mapObject

string

MapObject

mapURL

string

MapURL

mapSender

string

MapSender

mapRecipient

string

MapRecipient

mapSubject

string

MapSubject

mapBytesIn

string

MapBytesIn

mapBytesOut

string

MapBytesOut

mapItemsIn

string

MapItemsIn

mapItemsOut

string

MapItemsOut

mapDuration

string

MapDuration

mapAmount

string

MapAmount

mapQuantity

string

MapQuantity

mapRate

string

MapRate

mapSize

string

MapSize

defMsgTTL

integer

enum

Defaults to 32

0 -
"Override log source setting" is off "Disable automatic host contextualization" is off

8 -
"Override log source setting" is on "Disable automatic host contextualization" is off
"Drop Whole Log" is off "Drop Raw Log" is off

9 -
"Override log source setting" is on "Disable automatic host contextualization" is off
"Drop Whole Log" is on "Drop Raw Log" is off

10 -
"Override log source setting" is on "Disable automatic host contextualization" is off
"Drop Whole Log" is off "Drop Raw Log" is on

32 -
"Override log source setting" is off "Disable automatic host contextualization" is on

40 -
"Override log source setting" is on "Disable automatic host contextualization" is on
"Drop Whole Log" is off "Drop Raw Log" is off

41 -
"Override log source setting" is on "Disable automatic host contextualization" is on
"Drop Whole Log" is on "Drop Raw Log" is off

42 -
"Override log source setting" is on "Disable automatic host contextualization" is on
"Drop Whole Log" is off "Drop Raw Log" is on

defMsgArchiveMode

integer

enum

Defaults to 2

0 - don't archive logs
1 - archive the logs
* 2 - It is a default value which indicates, user has not provided any value and its value will depend on defMsgTTL ie. when defMsgTTL is 32 or 0 then defMsgArchiveMode will be 2 else 1

Allowed:

defForwarding

integer

enum

Defaults to 1

0 - Don't forward matching log messages to the PM
1 - Forward matching log messages to the PM

Allowed:

defLogMartMode

integer

enum

Defaults to 13627389

13627389
"Override Log Source Settings" is off "Forward logs" is on
* "Don't forward logs" is off

13627390
"Override Log Source Settings" is on "Forward logs" is off
* "Don't forward logs" is on

13627391
"Override Log Source Settings" is on "Forward logs" is on
* "Don't forward logs" is off

Allowed:

inheritTech

boolean

enum

Defaults to true

InheritTech

Allowed:

sHostIs

integer

enum

0 - N/A
1 - Tags
* 2 - Log Message Sources

Allowed:

dHostIs

integer

enum

0 - N/A
1 - Tags
* 2 - Log Message Sources

Allowed:

serviceIs

integer

ServiceIs

hostContext

integer

enum

0 - Tags Normal
1 - Tags Reversed
* 2 - Local

Allowed:

mapSMAC

string

MapSMAC

mapDMAC

string

MapDMAC

mapSNATIP

string

MapSNATIP

mapDNATIP

string

MapDNATIP

mapSInterface

string

MapSInterface

mapDInterface

string

MapDInterface

mapPId

string

MapPId

mapSeverity

string

MapSeverity

mapVersion

string

MapVersion

mapCommand

string

MapCommand

mapObjectName

string

MapObjectName

mapSNATPort

string

MapSNATPort

mapDNATPort

string

MapDNATPort

notes

string

Notes

mapAction

string

MapAction

mapObjectType

string

MapObjectType

mapcve

string

Mapcve

mapdomainorigin

string

Mapdomainorigin

mapHash

string

MapHash

mapParentProcessId

string

MapParentProcessId

mapParentProcessName

string

MapParentProcessName

mapParentProcessPath

string

MapParentProcessPath

mapPolicy

string

MapPolicy

mapReason

string

MapReason

mapResponseCode

string

MapResponseCode

mapResult

string

MapResult

mapSerialNumber

string

MapSerialNumber

mapSessionType

string

MapSessionType

mapStatus

string

MapStatus

mapThreatName

string

MapThreatName

mapThreatId

string

mapThreatId

mapUserAgent

string

MapUserAgent

mapVendorInfo

string

MapVendorInfo

ignoreCase

integer

enum

IgnoreCase

Allowed:

multiline

integer

enum

Multiline

Allowed:

perfMonMode

integer

enum

PerfMonMode

Allowed:

Responses

201Return result.

400Bad Request

403A user without the correct permissions tried to edit MPE Rule.

404Resource not found