Update rule

Use the Update rule operation to update a recommendation rule in the tenant.

Operation parameters

Note

For the purpose of updating a rule, the following fields should be set as follows:

  • Credentials to connect with : The Client ID and Client Secret of any application in your tenant. Retrieve the credentials from any application in your tenant (available in the application settings ). These credentials are not scoped to a specific app—they grant access to the entire tenant. Once saved, the credentials are stored as a Transmit Security account and can be updated at any time.
  • Resource : Detection and Response
  • Operation : Update rule
  • Name : Defines the name of the recommendation rule. Must be unique across the tenant. Autogenerated if not provided.
  • Priority : Sets the priority of the recommendation rule, which determines the order in which rules are evaluated. Rules are evaluated from smallest to biggest priority value and only the first rule to match will apply. Values range 1-100. Priority value must be unique.
  • Recommendation : Defines which recommendation generated when the rule is matched( challenge , deny , trust , or allow ).
  • Enabled : Defines whether or not the rule will be evaluated. Default is false .
  • Mode : Defines the scope of the rule. Values are:
    • preview : Allows you to simulate a rule and evaluate its impact before releasing it to production. The simulation occurs each time a recommendation is requested. If the preview rule matches the request (meaning, its priority is higher than all matching rules), the response will include this preview rule and what the recommendation would have been if all rules were in production.
    • in production : The rule applies each time a recommendation is requested concurs to modify recommendation data in production.
  • Type : Defines the rule type. Must be risk . required
  • Description : ALlows you to enter a description for the rule.
  • Matchers : Defines the set of conditions that define the rule logic. Matchers are:
    • ASN ID ; Matches based on the ASN detected using the IP address
    • Application ID ; Matches based on app ID
    • Action type ; Matches based on the client action for which the recommendation is requested
    • Browser names ; Matches based on browser name
    • Client ID ; Matches based on client ID
    • Country codes ; Matches based on the country in which the device is located
    • Device fingerprints ; Matches based on device fingerprint
    • Device IDs ; Matches based on the device ID
    • Device platform ; Matches based on device type, as classified by Transmit (e.g., desktop, mobile, wearable)
    • Device public keys ; Matches based on device public key
    • Device timezone ; Matches based on the timezone detected by Transmit using device telemetry
    • IP CIDRs ; Matches based on IP address
    • IP timezone ; Matches based on the timezone detected by Transmit using IP address
    • Location ; Matches based on the place in the application in which the action was performed (such as page URL)
    • Operating system versions ; Matches based on the device OS version
    • Organization name ; Matches based on the organization name associated with the IP address
    • Organization type ; Matches based on the organization type associated with the IP address
    • User agent ; Matches based on user agent
    • User IDs ; Matches based on user identifier

Result

As the Transmit node is run, the rule is updated. The node displays the following metadata:

  • message : update confirmation message
  • data : A summary of the metadata set for the recommendation rule (see parameters above)