Modify SIEM settings

put https://{hostname}/appsec/v1/configs/{configId}/versions/{versionNumber}/siem

Update SIEM settings for a specific configuration. Products: All.

Path Params

configId

int64

required

A unique identifier for each configuration.

versionNumber

integer

required

A unique identifier for each version of a configuration.

Query Params

accountSwitchKey

string

For customers who manage more than one account, this runs the operation from another account. The Identity and Access Management API provides a list of available account switch keys.

Body Params

enableForAllPolicies

boolean

Whether you enabled SIEM for all the security policies in the configuration version.

enableSiem

boolean

required

Whether you enabled SIEM in a security configuration version.

enabledBotmanSiemEvents

boolean

Deprecated Whether you enabled SIEM for the Bot Manager events. Use exceptions parameter instead to set botman siem events exception.

exceptions

array of objects

Describes all attack type exceptions that will be ignored in siem events.

exceptions

firewallPolicyIds

array of strings

The list of security policy identifiers for which to enable the SIEM integration.

firewallPolicyIds

siemDefinitionId

integer

Uniquely identifies the SIEM settings.

Responses

Response body

object

enableForAllPolicies

boolean

Whether you enabled SIEM for all the security policies in the configuration version.

enableSiem

boolean

required

Whether you enabled SIEM in a security configuration version.

enabledBotmanSiemEvents

boolean

Deprecated Whether you enabled SIEM for the Bot Manager events. Use exceptions parameter instead to set botman siem events exception.

exceptions

array of objects

Describes all attack type exceptions that will be ignored in siem events.

exceptions

object

actionTypes

array of strings

Describes actions to be excluded for a particular attack type. A * value means all actions.

actionTypes

protection

string

Attack type to be added as an exception.

ipgeo rate urlProtection slowpost customrules waf apirequestconstraints clientrep malwareprotection botmanagement aprProtection

firewallPolicyIds

array of strings

The list of security policy identifiers for which to enable the SIEM integration.

firewallPolicyIds

siemDefinitionId

integer

Uniquely identifies the SIEM settings.

Language

Authentication

Remember to add your authentication credentials to run this code.

URL


xxxxxxxxxx
1
curl --request PUT \
2
     --url https://hostname/appsec/v1/configs/configId/versions/versionNumber/siem \
3
     --header 'accept: application/json' \
4
     --header 'content-type: application/json' \
5
     --data '{"enableSiem":true}'


xxxxxxxxxx
32
}
1
{
2
  "enableForAllPolicies": false,
3
  "enableSiem": true,
4
  "enabledBotmanSiemEvents": false,
5
  "exceptions": [
6
    {
7
      "actionTypes": [
8
        "*"
9
      ],
10
      "protection": "botmanagement"
11
    },
12
    {
13
      "actionTypes": [
14
        "alert"
15
      ],
16
      "protection": "ipgeo"
17
    },
18
    {
19
      "actionTypes": [
20
        "alert"
21
      ],
22
      "protection": "rate"
23
    }
24
  ],
25
  "firewallPolicyIds": [

200Successfully retrieved SIEM settings.

400Bad request. Invalid request body or URL parameter input.

403Forbidden. You don't have access to the resource.

404Not found. That resource doesn't exist, or the URL is malformed.