Open sudofez opened 6 years ago
It seems the updated API would allow for this use case, check the "detectOnly" field: https://automation.deepsecurity.trendmicro.com/article/11_3/api-reference?platform=on-premise#operation/modifyIntrusionPreventionRuleOnPolicy
Is there a way to set a DPIRule back to it's default state? I'm working on setting new rules to alert only for x amount of time during pre-prod testing and switching them back to their default state after I observe the rule impact.
Is this possible through the API or will I have to store the rule state in a DB or file somewhere before I switch the detectOnly boolean?
Something like this is what I'm after: