Custom Rules

Managing Conformity custom rules.

This is an experimental feature and is currently in a private beta. To request access for your organisation or for more information please contact your account manager.

 

List All Organisation Custom Rules

get/custom-rules

This endpoint allows you to query your organisations custom rules.

SecurityApiKeyAuth
Responses
200

OK

403

Forbidden. This happens when your organisation does not have access to the custom rules beta. Please reach out to your account manager to request access or for more information.

Response samples
application/json
{
  • "data": [
    ]
}

Create Custom Rule

post/custom-rules

This endpoint allows you to create custom rules for your organisation.

Enabled custom rules are immediately available to all your organisations accounts.

This endpoint is only available to ADMIN users.

SecurityApiKeyAuth
Request
Request Body schema: application/vnd.api+json
required
Array of objects non-empty

Attributes of the resource data that will be evaluated

categories
required
Array of strings (categories)
Items Enum: "security" "cost-optimisation" "reliability" "performance-efficiency" "operational-excellence" "sustainability"
description
required
string

Custom rule description

enabled
required
boolean

Flag indicating status of a rule, disabled rules will not be run by Conformity Bot or Real-Time Threat Monitoring (RTM).

name
required
string

Custom rule name

provider
required
string (provider)

Name of the cloud provider.

Enum: "aws" "azure" "gcp"
remediationNotes
string

Optional text description of notes relevant to remediation

resourceType
required
string

The type of resource this custom rule applies to. For a complete list, please refer to Conformity Resource Types Endpoint

required
Array of objects

Rules defined within the custom rule

service
required
string

The cloud provider service name. For a complete list, please refer to Conformity Services Endpoint

severity
required
string (severity)

Severity of the Conformity rule.

Enum: "LOW" "MEDIUM" "HIGH" "VERY_HIGH" "EXTREME"
slug
string

Custom rule slug, specified on create only to form the rule ID

Responses
200

OK

403

Forbidden. The requesting user does not have enough privilege or organisation does not have access to the custom rules beta. Please reach out to your account manager to request access or for more information.

422

Unprocessable Entity

Request samples
application/vnd.api+json
{
  • "name": "S3 Bucket Custom Rule",
  • "slug": "s3-bucket-name-length-check",
  • "description": "This custom rule ensures S3 buckets follow our best practice",
  • "remediationNotes": "If this is broken, please follow these steps:\n1. Step one \n2. Step two\n",
  • "service": "S3",
  • "resourceType": "s3-bucket",
  • "categories": [
    ],
  • "severity": "HIGH",
  • "provider": "aws",
  • "enabled": true,
  • "attributes": [
    ],
  • "rules": [
    ]
}
Response samples
application/json
{
  • "data": {
    }
}

Get Custom Rule

get/custom-rules/{ruleId}

This endpoint allows you to query your organisation custom rules.

SecurityApiKeyAuth
Request
path Parameters
ruleId
required
string
Responses
200

OK

403

Forbidden. This happens when your organisation does not have access to the custom rules beta. Please reach out to your account manager to request access or for more information.

404

Custom rule not found

Response samples
application/json
{
  • "data": [
    ]
}

Delete Custom Rule

delete/custom-rules/{ruleId}

This endpoint allows you to delete a custom rule. This is a permanent action.

This endpoint is only available to ADMIN users.

SecurityApiKeyAuth
Request
path Parameters
ruleId
required
string
Responses
200

OK

403

Forbidden. The requesting user does not have enough privilege or organisation does not have access to the custom rules beta. Please reach out to your account manager to request access or for more information.

404

Custom rule not found

Response samples
application/json
{
  • "meta": {
    }
}

Update Custom Rule

put/custom-rules/{ruleId}

This endpoint allows you to update a custom rule.

This endpoint is only available to ADMIN users.

SecurityApiKeyAuth
Request
path Parameters
ruleId
required
string
Request Body schema: application/vnd.api+json
required
Array of objects non-empty

Attributes of the resource data that will be evaluated

categories
required
Array of strings (categories)
Items Enum: "security" "cost-optimisation" "reliability" "performance-efficiency" "operational-excellence" "sustainability"
description
required
string

Custom rule description

enabled
required
boolean

Flag indicating status of a rule, disabled rules will not be run by Conformity Bot or Real-Time Threat Monitoring (RTM).

name
required
string

Custom rule name

provider
required
string (provider)

Name of the cloud provider.

Enum: "aws" "azure" "gcp"
remediationNotes
string

Optional text description of notes relevant to remediation

resourceType
required
string

The type of resource this custom rule applies to. For a complete list, please refer to Conformity Resource Types Endpoint

required
Array of objects

Rules defined within the custom rule

service
required
string

The cloud provider service name. For a complete list, please refer to Conformity Services Endpoint

severity
required
string (severity)

Severity of the Conformity rule.

Enum: "LOW" "MEDIUM" "HIGH" "VERY_HIGH" "EXTREME"
slug
string

Custom rule slug, specified on create only to form the rule ID

Responses
200

OK

403

Forbidden. The requesting user does not have enough privilege or organisation does not have access to the custom rules beta. Please reach out to your account manager to request access or for more information.

404

Custom rule not found

422

Unprocessable Entity

Request samples
application/vnd.api+json
{
  • "name": "S3 Bucket Custom Rule",
  • "slug": "s3-bucket-name-length-check",
  • "description": "This custom rule ensures S3 buckets follow our best practice",
  • "remediationNotes": "If this is broken, please follow these steps:\n1. Step one \n2. Step two\n",
  • "service": "S3",
  • "resourceType": "s3-bucket",
  • "categories": [
    ],
  • "severity": "HIGH",
  • "provider": "aws",
  • "enabled": true,
  • "attributes": [
    ],
  • "rules": [
    ]
}
Response samples
application/json
{
  • "data": {
    }
}

Run Custom Rule

post/custom-rules/run

This endpoint allows you to dry run a custom rule template or saved custom rule.

Executing a custom rule via this endpoint is for development and testing purposes and only returns results or related data. It does not affect saved data or events, such as, checks, notifications, reports etc. If there are no related resources, then an empty array will be returned.

 

This endpoint is only available to ADMIN users.

This endpoint can run against saved data and/or data that is provided in the request body.

  • Saved custom rule id against a Conformity account accountId
  • Saved custom rule id against mock/test resource data
  • Custom rule template/configuration against a Conformity account accountId
  • Custom rule template/configuration against mock/test resource data

When executing a custom rule against a Conformity account, the resource data related to the Conformity account is only accurate up until the last Conformity Bot run.

SecurityApiKeyAuth
Request
query Parameters
accountId
string

A Conformity account ID in which to run a custom rule against.

id
string

The ID of a saved custom rule to run.

resourceData
boolean
Default: false

Enables the return of the resource data that was used to evaluate the custom rule. This can only return data for one resource and requires a custom rule configuration to have property resourceId defined.

Request Body schema: application/vnd.api+json
object

Custom rule configuration to test run.

  • This allows for development, testing, validation of a custom rule configuration.
  • If the request includes configuration in the body and rule id query parameter, this endpoint will ignore the parameter id.
object

Mock resource data to use as the input to the custom rule.

  • This allows for development, testing, and validation of a custom rule against specific data/scenarios.
  • If the request includes resource in the body and accountId query parameter, the endpoint will ignore the parameter accountId.
Responses
200

OK

403

Forbidden. The requesting user does not have enough privilege or organisation does not have access to the custom rules beta. Please reach out to your account manager to request access or for more information.

404

Custom rule not found

422

Unprocessable Entity

Request samples
application/vnd.api+json
{
  • "configuration": {
    },
  • "resource": {
    }
}
Response samples
application/json
[
  • {
    }
]