Managing Conformity custom rules.
This is an experimental feature and is currently in a private beta. To request access for your organisation or for more information please contact your account manager.
List All Organisation Custom Rules
This endpoint allows you to query your organisations custom rules.
OK
Forbidden. This happens when your organisation does not have access to the custom rules beta. Please reach out to your account manager to request access or for more information.
- 200
- 403
{- "data": [
- {
- "type": "CustomRules",
- "id": "CUSTOM-123ABC",
- "attributes": {
- "name": "S3 Bucket Name Length Check",
- "description": "We want to make sure bucket names do not exceed some length",
- "remediationNotes": "If this is broken, please follow these steps:\n1. Step one \n2. Step two\n",
- "service": "S3",
- "resourceType": "s3-bucket",
- "severity": "MEDIUM",
- "enabled": true,
- "categories": [
- "operational-excellence"
], - "attributes": [
- {
- "name": "bucketName",
- "path": "data.Name",
- "required": true
}
], - "rules": [
- {
- "conditions": {
- "all": [
- {
- "fact": "bucketName",
- "operator": "pattern",
- "value": "^([a-zA-Z0-9_-]){1,32}$"
}
]
}, - "event": {
- "type": "Bucket name is longer than 32 characters"
}
}
]
}
}
]
}Create Custom Rule
This endpoint allows you to create custom rules for your organisation.
Enabled custom rules are immediately available to all your organisations accounts.
This endpoint is only available to ADMIN users.
Request Body schema: application/json
required | Array of objects non-empty Attributes of the resource data that will be evaluated |
| categories required | Array of strings (categories) Items Enum: "security" "cost-optimisation" "reliability" "performance-efficiency" "operational-excellence" "sustainability" |
| description required | string Custom rule description |
| enabled required | boolean Flag indicating status of a rule, disabled rules will not be run by Conformity Bot or Real-Time Threat Monitoring (RTM). |
| name required | string Custom rule name |
| provider required | string (provider) Name of the cloud provider. |
| remediationNotes | string Optional text description of notes relevant to remediation |
| resourceType required | string The type of resource this custom rule applies to. For a complete list, please refer to Conformity Resource Types Endpoint |
required | Array of objects Rules defined within the custom rule |
| service required | string The cloud provider service name. For a complete list, please refer to Conformity Services Endpoint |
| severity required | string (severity) Severity of the Conformity rule. |
| slug | string Custom rule slug, specified on create only to form the rule ID |
OK
Forbidden. The requesting user does not have enough privilege or organisation does not have access to the custom rules beta. Please reach out to your account manager to request access or for more information.
Unprocessable Entity
- Payload
{- "name": "S3 Bucket Custom Rule",
- "slug": "s3-bucket-name-length-check",
- "description": "This custom rule ensures S3 buckets follow our best practice",
- "remediationNotes": "If this is broken, please follow these steps:\n1. Step one \n2. Step two\n",
- "service": "S3",
- "resourceType": "s3-bucket",
- "categories": [
- "security"
], - "severity": "HIGH",
- "provider": "aws",
- "enabled": true,
- "attributes": [
- {
- "name": "bucketName",
- "path": "data.Name",
- "required": true
}
], - "rules": [
- {
- "conditions": {
- "any": [
- {
- "fact": "bucketName",
- "operator": "pattern",
- "value": "^([a-zA-Z0-9_-]){1,32}$"
}
]
}, - "event": {
- "type": "Bucket name is longer than 32 characters"
}
}
]
}- 200
- 403
- 422
{- "data": {
- "type": "CustomRules",
- "id": "CUSTOM-123ABC",
- "attributes": {
- "name": "S3 Bucket Custom Rule",
- "description": "This custom rule ensures S3 buckets follow our best practice",
- "remediationNotes": "If this is broken, please follow these steps:\n1. Step one \n2. Step two\n",
- "service": "S3",
- "resourceType": "s3-bucket",
- "categories": [
- "security"
], - "severity": "HIGH",
- "provider": "aws",
- "enabled": true,
- "attributes": [
- {
- "name": "bucketName",
- "path": "data.Name",
- "required": true
}
], - "rules": [
- {
- "conditions": {
- "any": [
- {
- "fact": "bucketName",
- "operator": "pattern",
- "value": "^([a-zA-Z0-9_-]){1,32}$"
}
]
}, - "event": {
- "type": "Bucket name is longer than 32 characters"
}
}
]
}
}
}Get Custom Rule
This endpoint allows you to query your organisation custom rules.
OK
Forbidden. This happens when your organisation does not have access to the custom rules beta. Please reach out to your account manager to request access or for more information.
Custom rule not found
- 200
- 403
- 404
{- "data": [
- {
- "type": "CustomRules",
- "id": "CUSTOM-123ABC",
- "attributes": {
- "name": "S3 Bucket Name Length Check",
- "description": "We want to make sure bucket names do not exceed some length",
- "remediationNotes": "If this is broken, please follow these steps:\n1. Step one \n2. Step two\n",
- "service": "S3",
- "resourceType": "s3-bucket",
- "severity": "MEDIUM",
- "enabled": true,
- "categories": [
- "operational-excellence"
], - "attributes": [
- {
- "name": "bucketName",
- "path": "data.Name",
- "required": true
}
], - "rules": [
- {
- "conditions": {
- "all": [
- {
- "fact": "bucketName",
- "operator": "pattern",
- "value": "^([a-zA-Z0-9_-]){1,32}$"
}
]
}, - "event": {
- "type": "Bucket name is longer than 32 characters"
}
}
]
}
}
]
}Delete Custom Rule
This endpoint allows you to delete a custom rule. This is a permanent action.
This endpoint is only available to ADMIN users.
OK
Forbidden. The requesting user does not have enough privilege or organisation does not have access to the custom rules beta. Please reach out to your account manager to request access or for more information.
Custom rule not found
- 200
- 403
- 404
{- "meta": {
- "status": "deleted"
}
}Update Custom Rule
This endpoint allows you to update a custom rule.
This endpoint is only available to ADMIN users.
Request Body schema: application/json
required | Array of objects non-empty Attributes of the resource data that will be evaluated |
| categories required | Array of strings (categories) Items Enum: "security" "cost-optimisation" "reliability" "performance-efficiency" "operational-excellence" "sustainability" |
| description required | string Custom rule description |
| enabled required | boolean Flag indicating status of a rule, disabled rules will not be run by Conformity Bot or Real-Time Threat Monitoring (RTM). |
| name required | string Custom rule name |
| provider required | string (provider) Name of the cloud provider. |
| remediationNotes | string Optional text description of notes relevant to remediation |
| resourceType required | string The type of resource this custom rule applies to. For a complete list, please refer to Conformity Resource Types Endpoint |
required | Array of objects Rules defined within the custom rule |
| service required | string The cloud provider service name. For a complete list, please refer to Conformity Services Endpoint |
| severity required | string (severity) Severity of the Conformity rule. |
| slug | string Custom rule slug, specified on create only to form the rule ID |
OK
Forbidden. The requesting user does not have enough privilege or organisation does not have access to the custom rules beta. Please reach out to your account manager to request access or for more information.
Custom rule not found
Unprocessable Entity
- Payload
{- "name": "S3 Bucket Custom Rule",
- "slug": "s3-bucket-name-length-check",
- "description": "This custom rule ensures S3 buckets follow our best practice",
- "remediationNotes": "If this is broken, please follow these steps:\n1. Step one \n2. Step two\n",
- "service": "S3",
- "resourceType": "s3-bucket",
- "categories": [
- "security"
], - "severity": "HIGH",
- "provider": "aws",
- "enabled": true,
- "attributes": [
- {
- "name": "bucketName",
- "path": "data.Name",
- "required": true
}
], - "rules": [
- {
- "conditions": {
- "any": [
- {
- "fact": "bucketName",
- "operator": "pattern",
- "value": "^([a-zA-Z0-9_-]){1,32}$"
}
]
}, - "event": {
- "type": "Bucket name is longer than 32 characters"
}
}
]
}- 200
- 403
- 404
- 422
{- "data": {
- "type": "CustomRules",
- "id": "CUSTOM-123ABC",
- "attributes": {
- "name": "S3 Bucket Custom Rule",
- "description": "This custom rule ensures S3 buckets follow our best practice",
- "remediationNotes": "If this is broken, please follow these steps:\n1. Step one \n2. Step two\n",
- "service": "S3",
- "resourceType": "s3-bucket",
- "categories": [
- "security"
], - "severity": "HIGH",
- "provider": "aws",
- "enabled": true,
- "attributes": [
- {
- "name": "bucketName",
- "path": "data.Name",
- "required": true
}
], - "rules": [
- {
- "conditions": {
- "any": [
- {
- "fact": "bucketName",
- "operator": "pattern",
- "value": "^([a-zA-Z0-9_-]){1,32}$"
}
]
}, - "event": {
- "type": "Bucket name is longer than 32 characters"
}
}
]
}
}
}Run Custom Rule
This endpoint allows you to dry run a custom rule template or saved custom rule.
Executing a custom rule via this endpoint is for development and testing purposes and only returns results or related data. It does not affect saved data or events, such as, checks, notifications, reports etc. If there are no related resources, then an empty array will be returned.
This endpoint is only available to ADMIN users.
This endpoint can run against saved data and/or data that is provided in the request body.
- Saved custom rule
idagainst a Conformity accountaccountId - Saved custom rule
idagainst mock/test resource data - Custom rule template/configuration against a Conformity account
accountId - Custom rule template/configuration against mock/test resource data
When executing a custom rule against a Conformity account, the resource data related to the Conformity account is only accurate up until the last Conformity Bot run.
query Parameters
Request Body schema: application/json
object Custom rule configuration to test run.
| |
object Mock resource data to use as the input to the custom rule.
|
OK
Forbidden. The requesting user does not have enough privilege or organisation does not have access to the custom rules beta. Please reach out to your account manager to request access or for more information.
Custom rule not found
Unprocessable Entity
- Payload
{- "configuration": {
- "name": "S3 Bucket Name Length Check",
- "slug": "s3-bucket-name-length-check",
- "description": "We want to make sure bucket names do not exceed some length",
- "service": "S3",
- "resourceType": "s3-bucket",
- "severity": "MEDIUM",
- "provider": "aws",
- "enabled": true,
- "categories": [
- "operational-excellence"
], - "attributes": [
- {
- "name": "bucketName",
- "path": "data.Name",
- "required": true
}
], - "rules": [
- {
- "conditions": {
- "all": [
- {
- "fact": "bucketName",
- "operator": "pattern",
- "value": "^([a-zA-Z0-9_-]){1,32}$"
}
]
}, - "event": {
- "type": "Bucket name is longer than 32 characters"
}
}
]
}, - "resource": {
- "accountId": "r1gyR4cqg",
- "organisationId": "abc123AbcC",
- "resourceId": "CloudConformityMonitoring",
- "service": "S3",
- "descriptorType": "s3-bucket",
- "ccrn": "ccrn:aws:r1gyR4cqg:S3:us-west-2:CloudConformityMonitoring",
- "region": "us-west-2",
- "name": "S3 Bucket",
- "provider": "aws",
- "data": {
- "resourceId": "CloudConformityMonitoring",
- "Name": "CloudConformityMonitoring"
}
}
}- 200
- 403
- 404
- 422
[- {
- "region": "us-west-2",
- "resource": "CloudConformityMonitoring",
- "ccrn": "ccrn:aws:r1gyR4cqg:CloudFormation:us-west-2:CloudConformityMonitoring",
- "status": "SUCCESS",
- "message": "S3 Bucket CloudConformityMonitoring passed 'Bucket name is longer than 32 characters' rule condition.",
- "extradata": [
- {
- "label": "successEvent",
- "name": "Passed Condition Event",
- "type": "META",
- "value": "Bucket name is longer than 32 characters"
}
]
}
]