Updates (overwrites) a single predicate by its unique ID.

Basic Parameters

ParameterDescription
PredicateThe attributes of the predicate to overwrite. Provide all attributes.For instance:{ "definition": { "$and": [ { "$stringStartsWith": { "message.kind": { "$value": "email", "$assignIfTrue": [ { "$dstIndex": "condition.RoyalMessage.methodEmail", "$srcMode": "const", "$srcParam": true } ], "$assignIfFalse": [ { "$dstIndex": "condition.RoyalMessage.methodEmail", "$srcMode": "const", "$srcParam": false } ] } } }, { "$stringMatch": { "message.sender.email": { "$value": "@proofpoint[^\\.]*", "$assignIfTrue": [ { "$dstIndex": "condition.RoyalMessage.emailHit", "$srcMode": "match" }, { "$dstIndex": "condition.RoyalMessage.emailHitFirst", "$srcMode": "first" }, { "$dstIndex": "condition.RoyalMessage.emailHitLast", "$srcMode": "last" }, { "$dstIndex": "condition.RoyalMessage.emailHitRange", "$srcMode": "array", "$srcParam": [ { "$srcMode": "first" }, { "$srcMode": "last" } ] } ], "$assignIfFalse": [ { "$dstIndex": "condition.RoyalMessage.emailMiss", "$srcMode": "param", "srcParam": "message.sender.email" } ] } } }, { "$stringBetween": { "message.sender.displayName": [ "king", "queen" ], "$assignIfTrue": [ { "$dstIndex": "condition.RoyalMessage.title", "$srcMode": "param", "$srcParam": "message.sender.displayName" } ] } } ] }, "details": { "name": "USA Part Codes", "description": "Two-letter codes of all USA parts including states, territories and the DC", "meta": {} }, "alias": "USA_PART_CODES", "iver": 319, "kind": "it:predicate:custom:match", "purposes": [ "it:purpose:detection:rule:condition", "it:purpose:endpoint:policy:match", "it:purpose:exploration:search:filter", "it:purpose:authorization:abac:condition" ], "sver": "1.2.3", "createdAt": "2018-04-12T16:36:51.700Z", "createdBy": { "principal": { "id": "b73fc7b3-af84-48b6-bb2f-f3afd115a453" }, "clients": [ { "id": "b73fc7b3-af84-48b6-bb2f-f3afd115a453" } ] }, "updatedAt": "2018-04-12T16:36:51.700Z", "updatedBy": { "principal": { "id": "b73fc7b3-af84-48b6-bb2f-f3afd115a453" }, "clients": [ { "id": "b73fc7b3-af84-48b6-bb2f-f3afd115a453" } ] }, "tenant": 123456789, "extent": "tenant", "status": "active", "risk": { "default": {} }, "tags": [ "rules", "windows", "agent" ]}
Predicate IDPredicate’s unique ID (uuid).

Advanced Parameters

ParameterDescription
ConsistencyReturn when data is ready for read or query.
Correlation IDID to correlate multiple requests.
TimeoutTime to wait before consistency=query throws.
Transaction IDID for a transaction.

Example Output

{
	"_status": {
		"status": 0,
		"code": "string"
	},
	"_meta": {
		"stats": {
			"offset": 0,
			"limit": 0,
			"total": 0
		},
		"origin": {}
	},
	"definition": {
		"$and": [
			{
				"$stringStartsWith": {
					"message.kind": {
						"$value": "email",
						"$assignIfTrue": [
							{
								"$dstIndex": "condition.RoyalMessage.methodEmail",
								"$srcMode": "const",
								"$srcParam": true
							}
						],
						"$assignIfFalse": [
							{
								"$dstIndex": "condition.RoyalMessage.methodEmail",
								"$srcMode": "const",
								"$srcParam": false
							}
						]
					}
				}
			},
			{
				"$stringMatch": {
					"message.sender.email": {
						"$value": "@proofpoint[^\\.]*",
						"$assignIfTrue": [
							{
								"$dstIndex": "condition.RoyalMessage.emailHit",
								"$srcMode": "match"
							},
							{
								"$dstIndex": "condition.RoyalMessage.emailHitFirst",
								"$srcMode": "first"
							},
							{
								"$dstIndex": "condition.RoyalMessage.emailHitLast",
								"$srcMode": "last"
							},
							{
								"$dstIndex": "condition.RoyalMessage.emailHitRange",
								"$srcMode": "array",
								"$srcParam": [
									{
										"$srcMode": "first"
									},
									{
										"$srcMode": "last"
									}
								]
							}
						],
						"$assignIfFalse": [
							{
								"$dstIndex": "condition.RoyalMessage.emailMiss",
								"$srcMode": "param",
								"srcParam": "message.sender.email"
							}
						]
					}
				}
			},
			{
				"$stringBetween": {
					"message.sender.displayName": [
						"king",
						"queen"
					],
					"$assignIfTrue": [
						{
							"$dstIndex": "condition.RoyalMessage.title",
							"$srcMode": "param",
							"$srcParam": "message.sender.displayName"
						}
					]
				}
			}
		]
	},
	"details": {
		"name": "USA Part Codes",
		"description": "Two-letter codes of all USA parts including states, territories and the DC",
		"meta": {}
	},
	"alias": "USA_PART_CODES",
	"iver": 319,
	"kind": "it:predicate:custom:match",
	"purposes": [
		"it:purpose:detection:rule:condition",
		"it:purpose:endpoint:policy:match",
		"it:purpose:exploration:search:filter",
		"it:purpose:authorization:abac:condition"
	],
	"sver": "1.2.3",
	"createdAt": "2018-04-12T16:36:51.700Z",
	"createdBy": {
		"principal": {
			"id": "b73fc7b3-af84-48b6-bb2f-f3afd115a453"
		},
		"clients": [
			{
				"id": "b73fc7b3-af84-48b6-bb2f-f3afd115a453"
			}
		]
	},
	"updatedAt": "2018-04-12T16:36:51.700Z",
	"updatedBy": {
		"principal": {
			"id": "b73fc7b3-af84-48b6-bb2f-f3afd115a453"
		},
		"clients": [
			{
				"id": "b73fc7b3-af84-48b6-bb2f-f3afd115a453"
			}
		]
	},
	"tenant": 123456789,
	"extent": "tenant",
	"status": "active",
	"risk": {
		"default": {}
	},
	"tags": [
		"rules",
		"windows",
		"agent"
	],
	"id": "b73fc7b3-af84-48b6-bb2f-f3afd115a453"
}

Workflow Library Example

Update Predicate with Proofpoint Itm and Send Results Via Email

Preview this Workflow on desktop

Was this page helpful?