@@ -7373,6 +7373,8 @@ components:
73737373 CloudWorkloadSecurityAgentPolicyCreateAttributes:
73747374 description: Create a new Cloud Workload Security Agent policy
73757375 properties:
7376+ actions:
7377+ $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleActions'
73767378 description:
73777379 description: The description of the policy
73787380 example: My agent policy
@@ -7454,6 +7456,8 @@ components:
74547456 CloudWorkloadSecurityAgentPolicyUpdateAttributes:
74557457 description: Update an existing Cloud Workload Security Agent policy
74567458 properties:
7459+ actions:
7460+ $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleActions'
74577461 description:
74587462 description: The description of the policy
74597463 example: My agent policy
@@ -7524,6 +7528,59 @@ components:
75247528 type: string
75257529 kill:
75267530 $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleKill'
7531+ metadata:
7532+ $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleActionMetadata'
7533+ set:
7534+ $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleActionSet'
7535+ type: object
7536+ CloudWorkloadSecurityAgentRuleActionMetadata:
7537+ description: The metadata action applied on the scope matching the rule
7538+ properties:
7539+ image_tag:
7540+ description: The image tag of the metadata action
7541+ type: string
7542+ service:
7543+ description: The service of the metadata action
7544+ type: string
7545+ short_image:
7546+ description: The short image of the metadata action
7547+ type: string
7548+ type: object
7549+ CloudWorkloadSecurityAgentRuleActionSet:
7550+ description: The set action applied on the scope matching the rule
7551+ properties:
7552+ append:
7553+ description: Whether the value should be appended to the field
7554+ type: boolean
7555+ field:
7556+ description: The field of the set action
7557+ type: string
7558+ name:
7559+ description: The name of the set action
7560+ type: string
7561+ scope:
7562+ description: The scope of the set action
7563+ type: string
7564+ size:
7565+ description: The size of the set action
7566+ format: int64
7567+ type: integer
7568+ ttl:
7569+ description: The time to live of the set action
7570+ format: int64
7571+ type: integer
7572+ value:
7573+ anyOf:
7574+ - type: string
7575+ - format: double
7576+ type: number
7577+ - format: int64
7578+ type: integer
7579+ - type: boolean
7580+ - items: {}
7581+ type: array
7582+ - type: object
7583+ description: The value of the set action
75277584 type: object
75287585 CloudWorkloadSecurityAgentRuleActions:
75297586 description: The array of actions the rule can perform if triggered
@@ -7539,6 +7596,11 @@ components:
75397596 agentConstraint:
75407597 description: The version of the Agent
75417598 type: string
7599+ blocking:
7600+ description: The blocking policies that the rule belongs to
7601+ items:
7602+ type: string
7603+ type: array
75427604 category:
75437605 description: The category of the Agent rule
75447606 example: Process Activity
@@ -7562,6 +7624,11 @@ components:
75627624 description: The description of the Agent rule
75637625 example: My Agent rule
75647626 type: string
7627+ disabled:
7628+ description: The disabled policies that the rule belongs to
7629+ items:
7630+ type: string
7631+ type: array
75657632 enabled:
75667633 description: Whether the Agent rule is enabled
75677634 example: true
@@ -7575,6 +7642,11 @@ components:
75757642 items:
75767643 type: string
75777644 type: array
7645+ monitoring:
7646+ description: The monitoring policies that the rule belongs to
7647+ items:
7648+ type: string
7649+ type: array
75787650 name:
75797651 description: The name of the Agent rule
75807652 example: my_agent_rule
@@ -7609,10 +7681,22 @@ components:
76097681 CloudWorkloadSecurityAgentRuleCreateAttributes:
76107682 description: Create a new Cloud Workload Security Agent rule.
76117683 properties:
7684+ actions:
7685+ $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleActions'
7686+ blocking:
7687+ description: The blocking policies that the rule belongs to
7688+ items:
7689+ type: string
7690+ type: array
76127691 description:
76137692 description: The description of the Agent rule.
76147693 example: My Agent rule
76157694 type: string
7695+ disabled:
7696+ description: The disabled policies that the rule belongs to
7697+ items:
7698+ type: string
7699+ type: array
76167700 enabled:
76177701 description: Whether the Agent rule is enabled
76187702 example: true
@@ -7626,6 +7710,11 @@ components:
76267710 items:
76277711 type: string
76287712 type: array
7713+ monitoring:
7714+ description: The monitoring policies that the rule belongs to
7715+ items:
7716+ type: string
7717+ type: array
76297718 name:
76307719 description: The name of the Agent rule.
76317720 example: my_agent_rule
@@ -7716,10 +7805,20 @@ components:
77167805 CloudWorkloadSecurityAgentRuleUpdateAttributes:
77177806 description: Update an existing Cloud Workload Security Agent rule
77187807 properties:
7808+ blocking:
7809+ description: The blocking policies that the rule belongs to
7810+ items:
7811+ type: string
7812+ type: array
77197813 description:
77207814 description: The description of the Agent rule
77217815 example: My Agent rule
77227816 type: string
7817+ disabled:
7818+ description: The disabled policies that the rule belongs to
7819+ items:
7820+ type: string
7821+ type: array
77237822 enabled:
77247823 description: Whether the Agent rule is enabled
77257824 example: true
@@ -7728,6 +7827,11 @@ components:
77287827 description: The SECL expression of the Agent rule
77297828 example: exec.file.name == "sh"
77307829 type: string
7830+ monitoring:
7831+ description: The monitoring policies that the rule belongs to
7832+ items:
7833+ type: string
7834+ type: array
77317835 policy_id:
77327836 description: The ID of the policy where the Agent rule is saved
77337837 example: a8c8e364-6556-434d-b798-a4c23de29c0b
@@ -55653,9 +55757,10 @@ paths:
5565355757 value: "{\n \"data\": {\n \"type\": \"agent_rule\",\n \"attributes\":
5565455758 {\n \"name\": \"{{ unique_lower_alnum }}\",\n \"description\":
5565555759 \"My Agent rule\",\n \"expression\": \"exec.file.name == \\\"sh\\\"\",\n
55656- \ \"enabled\": true,\n \"product_tags\": [\"security:attack\",
55657- \"technique:T1059\"],\n \"policy_id\": \"{{ policy.data.id }}\"\n
55658- \ }\n }\n}"
55760+ \ \"actions\": [{\"set\": {\"name\": \"test_set\", \"value\": \"test_value\",
55761+ \"scope\": \"process\"}}],\n \"enabled\": true,\n \"product_tags\":
55762+ [\"security:attack\", \"technique:T1059\"],\n \"policy_id\": \"{{
55763+ policy.data.id }}\"\n }\n }\n}"
5565955764 step: there is a valid "agent_rule_rc" in the system
5566055765 x-menu-order: 4
5566155766 x-undo:
0 commit comments