- NAME
-
- gcloud beta network-security security-profiles threat-prevention add-override - add overrides to Threat Prevention Profile
- SYNOPSIS
-
-
gcloud beta network-security security-profiles threat-prevention add-override
(SECURITY_PROFILE
:--location
=LOCATION
--organization
=ORGANIZATION
)--action
=ACTION
(--severities
=[SEVERITY_LEVEL
,…] |--threat-ids
=[THREAT-ID
,…]) [--async
] [--update-labels
=[KEY
=VALUE
,…]] [--clear-labels
|--remove-labels
=[KEY
,…]] [GCLOUD_WIDE_FLAG …
]
-
- DESCRIPTION
-
(BETA)
Add severities or threat-ids to existing threat prevention profile with intended action on each specified. Check the updates of add-override command by usinggcloud network-security security-profiles threat-prevention list-override my-security-profile
.For more examples, refer to the EXAMPLES section below.
- EXAMPLES
-
To add an override, run:
gcloud beta network-security security-profiles threat-prevention add-override my-security-profile --severities=MEDIUM --action=ALLOW
my-security-profile
is the name of the Security Profile in the format organizations/{organizationID}/locations/{location}/securityProfiles/ {security_profile_id} where organizationID is the organization ID to which the changes should apply, location -global
specified and security_profile_id the Security Profile Identifier - POSITIONAL ARGUMENTS
-
-
Security profile resource - Security Profile Name. The arguments in this group
can be used to specify the attributes of this resource.
This must be specified.
SECURITY_PROFILE
-
ID of the security_profile or fully qualified identifier for the
security_profile.
To set the
security_profile
attribute:-
provide the argument
security_profile
on the command line.
This positional argument must be specified if any of the other arguments in this group are specified.
-
provide the argument
--location
=LOCATION
-
location of the security_profile - Global.
To set the
location
attribute:-
provide the argument
security_profile
on the command line with a fully specified name; -
provide the argument
--location
on the command line.
-
provide the argument
--organization
=ORGANIZATION
-
Organization ID to which the changes should apply.
To set the
organization
attribute:-
provide the argument
security_profile
on the command line with a fully specified name; -
provide the argument
--organization
on the command line.
-
provide the argument
-
Security profile resource - Security Profile Name. The arguments in this group
can be used to specify the attributes of this resource.
- REQUIRED FLAGS
-
--action
=ACTION
-
Action associated with severity or threat-id.
ACTION
must be one of:DEFAULT_ACTION
,ALLOW
,ALERT
,DENY
. -
Exactly one of these must be specified:
--severities
=[SEVERITY_LEVEL
,…]- List of comma-separated severities where each value in the list indicates the severity of the threat.
--threat-ids
=[THREAT-ID
,…]- List of comma-separated threat identifiers where each identifier in the list is a vendor-specified Signature ID representing a threat type.
- OPTIONAL FLAGS
-
--async
-
Return immediately, without waiting for the operation in progress to complete.
The default is
False
. --update-labels
=[KEY
=VALUE
,…]-
List of label KEY=VALUE pairs to update. If a label exists, its value is
modified. Otherwise, a new label is created.
Keys must start with a lowercase character and contain only hyphens (
-
), underscores (_
), lowercase characters, and numbers. Values must contain only hyphens (-
), underscores (_
), lowercase characters, and numbers. -
At most one of these can be specified:
--clear-labels
-
Remove all labels. If
--update-labels
is also specified then--clear-labels
is applied first.For example, to remove all labels:
gcloud beta network-security security-profiles threat-prevention add-override --clear-labels
To remove all existing labels and create two new labels,
andfoo
:baz
gcloud beta network-security security-profiles threat-prevention add-override --clear-labels --update-labels foo=bar,baz=qux
--remove-labels
=[KEY
,…]-
List of label keys to remove. If a label does not exist it is silently ignored.
If
--update-labels
is also specified then--update-labels
is applied first.
- GCLOUD WIDE FLAGS
-
These flags are available to all commands:
--access-token-file
,--account
,--billing-project
,--configuration
,--flags-file
,--flatten
,--format
,--help
,--impersonate-service-account
,--log-http
,--project
,--quiet
,--trace-token
,--user-output-enabled
,--verbosity
.Run
$ gcloud help
for details. - NOTES
-
This command is currently in beta and might change without notice. These
variants are also available:
gcloud network-security security-profiles threat-prevention add-override
gcloud alpha network-security security-profiles threat-prevention add-override
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-11-12 UTC.