Good day wonderful people,
Expected Outcome: Partially edit existing rules via automation to enable syslog,logend,sendeventstofmc via PUT request.
Issue: The partial modification works successfully, unless Inspection is enabled on the rule, then an error is thrown and a 500 status is raised. If Inspection is not enabled, the request completes and updates as required, and i am able to iterate through all rules via a list in a python script. The only way to work around the Inspection portion is to include the inspection object in the body. Unfortunately, i would need to identify every rule (1000+ rules where Inspection is enabled), and identify their individual settings to include in the body so as not to overwrite or modify those. How do i avoid this issue, if anyone has come across it and found a simple solution?
Request Body:
{
"sendEventsToFMC": true,
"id": "0050568F-427B-0ed3-0000-000268434454",
"enabled": true,
"enableSyslog": true,
"logBegin": false,
"logEnd": true,
"newComments": [
"updated via postman api"
]
}
Response Output:
{
"error": {
"category": "OTHER",
"messages": [
{}
],
"severity": "ERROR"
}
}