Edit MPE Rule

Edits a custom MPE Rule.

Body Params

These fields are used to edit and update a custom MPE Rule. This is a PUT endpoint, so make sure to provide all the field values present in the request object. Any field whose value is not provided in the request will be updated with its respective default value.

integer
required

MPERuleId is the Object Id stored in the database

msgSourceTypeId
array of integers

MsgSourceIds associated with a particular MPE Rule

msgSourceTypeId
string

Tagged regular expression. If a backslash \ is required, use a double backslash \\ to avoid an error, because the backslash is an escape character.

integer
enum
Defaults to 3

* 1 - Production
* 2 - Test
* 3 - Development

Allowed:
integer
required

CommonEventId

string
required

Name of MPE Rule

string

Description related to MPE Rule

string

MapTag1

string

MapTag2

string

MapTag3

string

MapTag4

string

MapTag5

string

MapTag6

string

MapTag7

string

MapTag8

string

MapTag9

string

MapTag10

string

MapVMId

string

MapSIP

string

MapDIP

string

MapSName

string

MapDName

string

MapSPort

string

MapDPort

string

MapProtocolId

string

MapLogin

string

MapAccount

string

MapGroup

string

MapDomain

string

MapSession

string

MapProcess

string

MapObject

string

MapURL

string

MapSender

string

MapRecipient

string

MapSubject

string

MapBytesIn

string

MapBytesOut

string

MapItemsIn

string

MapItemsOut

string

MapDuration

string

MapAmount

string

MapQuantity

string

MapRate

string

MapSize

integer
enum
Defaults to 32

0 -
* "Override log source setting" is off
* "Disable automatic host contextualization" is off

8 -
* "Override log source setting" is on
* "Disable automatic host contextualization" is off
* "Drop Whole Log" is off
* "Drop Raw Log" is off

9 -
* "Override log source setting" is on
* "Disable automatic host contextualization" is off
* "Drop Whole Log" is on
* "Drop Raw Log" is off

10 -
* "Override log source setting" is on
* "Disable automatic host contextualization" is off
* "Drop Whole Log" is off
* "Drop Raw Log" is on

32 -
* "Override log source setting" is off
* "Disable automatic host contextualization" is on

40 -
* "Override log source setting" is on
* "Disable automatic host contextualization" is on
* "Drop Whole Log" is off
* "Drop Raw Log" is off

41 -
* "Override log source setting" is on
* "Disable automatic host contextualization" is on
* "Drop Whole Log" is on
* "Drop Raw Log" is off

42 -
* "Override log source setting" is on
* "Disable automatic host contextualization" is on
* "Drop Whole Log" is off
* "Drop Raw Log" is on

integer
enum
Defaults to 2

* 0 - don't archive logs
* 1 - archive the logs
* 2 - Default value, indicating that the user has not provided any value; the effective value then depends on defMsgTTL, i.e. when defMsgTTL is 32 or 0, defMsgArchiveMode will be 2, otherwise 1

Allowed:
integer
enum
Defaults to 1

* 0 - Don't forward matching log messages to the PM
* 1 - Forward matching log messages to the PM

Allowed:
integer
enum
Defaults to 13627389

13627389 -
* "Override Log Source Settings" is off
* "Forward logs" is on
* "Don't forward logs" is off

13627390 -
* "Override Log Source Settings" is on
* "Forward logs" is off
* "Don't forward logs" is on

13627391 -
* "Override Log Source Settings" is on
* "Forward logs" is on
* "Don't forward logs" is off

Allowed:
boolean
enum
Defaults to true

InheritTech

Allowed:
integer
enum

* 0 - N/A
* 1 - Tags
* 2 - Log Message Sources

Allowed:
integer
enum

* 0 - N/A
* 1 - Tags
* 2 - Log Message Sources

Allowed:
integer

ServiceIs

integer
enum

* 0 - Tags Normal
* 1 - Tags Reversed
* 2 - Local

Allowed:
string

MapSMAC

string

MapDMAC

string

MapSNATIP

string

MapDNATIP

string

MapSInterface

string

MapDInterface

string

MapPId

string

MapSeverity

string

MapVersion

string

MapCommand

string

MapObjectName

string

MapSNATPort

string

MapDNATPort

string

Notes

string

MapAction

string

MapObjectType

string

Mapcve

string

Mapdomainorigin

string

MapHash

string

MapParentProcessId

string

MapParentProcessName

string

MapParentProcessPath

string

MapPolicy

string

MapReason

string

MapResponseCode

string

MapResult

string

MapSerialNumber

string

MapSessionType

string

MapStatus

string

MapThreatName

string

mapThreatId

string

MapUserAgent

string

MapVendorInfo

integer
enum

IgnoreCase

Allowed:
integer
enum

Multiline

Allowed:
integer
enum

PerfMonMode

Allowed:
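
The full-replacement behaviour of this PUT endpoint and the backslash rule for the tagged regular expression, shown as an added example that is not part of the original documentation. The key names `id`, `name`, `commonEventId`, `regexTagged` and `ruleStatus` are hypothetical, `defMsgTTL` is assumed to be the enum that defaults to 32, and the sample rule is constructed.

```python
import json

# Defaults as stated on the page. "ruleStatus" is a hypothetical key name;
# defMsgTTL is assumed to be the enum whose default is 32.
DEFAULTS = {"ruleStatus": 3, "defMsgTTL": 32, "defMsgArchiveMode": 2}

# Constructed sample of a rule as currently stored (not real data).
CURRENT_RULE = {
    "id": 1000000001,
    "name": "Constructed sample rule",
    "commonEventId": 1000000,
    "regexTagged": r"user=(?<login>\w+)\s+src=(?<sip>\d+\.\d+\.\d+\.\d+)",
    "ruleStatus": 1,          # 1 - Production
    "defMsgTTL": 40,          # override on, host contextualization disabled
    "defMsgArchiveMode": 1,   # archive the logs
}

def build_put_body(current, changes):
    """Merge the changes over the stored rule so no field is omitted."""
    body = dict(current)
    body.update(changes)
    return body

def fields_reset_by_omission(current, body, defaults=DEFAULTS):
    """Fields a PUT of `body` would silently revert to their defaults."""
    return sorted(
        key for key, default in defaults.items()
        if key not in body and key in current and current[key] != default
    )

def serialize(body):
    """json.dumps doubles every backslash, which is what the regex field needs."""
    return json.dumps(body, sort_keys=True)

if __name__ == "__main__":
    partial = {"id": CURRENT_RULE["id"], "name": "Renamed rule"}
    print("partial body would reset:",
          fields_reset_by_omission(CURRENT_RULE, partial))
    full = build_put_body(CURRENT_RULE, {"name": "Renamed rule"})
    print("full body would reset:",
          fields_reset_by_omission(CURRENT_RULE, full))
    print(serialize(full))
```

Running the reset check before each PUT catches the case where a rename or description change would also move a Production rule back to Development or revert its archive and drop settings.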