Update a security group

curl --request PUT \
  --url https://api.altostrat.io/security-groups/{securityGroupId} \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "name": "Web Application Servers",
  "description": "Allows HTTP/S from the world and SSH from the office.",
  "rules": [
    {
      "direction": "inbound",
      "order": 10,
      "protocol": 6,
      "port": "443",
      "address": "0.0.0.0/0",
      "description": "Allow HTTPS"
    },
    {
      "direction": "inbound",
      "order": 20,
      "protocol": 6,
      "port": "80",
      "address": "0.0.0.0/0",
      "description": "Allow HTTP"
    },
    {
      "direction": "inbound",
      "order": 30,
      "protocol": 6,
      "port": "22",
      "address": "prfx_lst_0ujsswThIGTUYm2K8FjOOfxcYpw",
      "description": "Allow SSH from Office"
    }
  ],
  "sites": [
    "site_0ujsswThIGTUYm2K8FjOOfxcYpw",
    "site_0ujsswThIGTUYm2K8FjOOfxcYpz"
  ]
}
'

{
  "id": "sec_grp_0ujsswThIGTUYm2K8FjOOfxcYpw",
  "name": "Default Web Servers",
  "description": "Allows inbound HTTP/HTTPS traffic from anywhere.",
  "status": "active",
  "sites": [
    "site_12345"
  ],
  "rules": [
    {
      "id": "fltr_0ujsswThIGTUYm2K8FjOOfxcYpw",
      "direction": "inbound",
      "order": 10,
      "protocol": 6,
      "port": "443",
      "address": "0.0.0.0/0",
      "description": "Allow inbound HTTPS traffic"
    }
  ]
}

PUT

security-groups

{securityGroupId}

Update a security group

curl --request PUT \
  --url https://api.altostrat.io/security-groups/{securityGroupId} \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "name": "Web Application Servers",
  "description": "Allows HTTP/S from the world and SSH from the office.",
  "rules": [
    {
      "direction": "inbound",
      "order": 10,
      "protocol": 6,
      "port": "443",
      "address": "0.0.0.0/0",
      "description": "Allow HTTPS"
    },
    {
      "direction": "inbound",
      "order": 20,
      "protocol": 6,
      "port": "80",
      "address": "0.0.0.0/0",
      "description": "Allow HTTP"
    },
    {
      "direction": "inbound",
      "order": 30,
      "protocol": 6,
      "port": "22",
      "address": "prfx_lst_0ujsswThIGTUYm2K8FjOOfxcYpw",
      "description": "Allow SSH from Office"
    }
  ],
  "sites": [
    "site_0ujsswThIGTUYm2K8FjOOfxcYpw",
    "site_0ujsswThIGTUYm2K8FjOOfxcYpz"
  ]
}
'

{
  "id": "sec_grp_0ujsswThIGTUYm2K8FjOOfxcYpw",
  "name": "Default Web Servers",
  "description": "Allows inbound HTTP/HTTPS traffic from anywhere.",
  "status": "active",
  "sites": [
    "site_12345"
  ],
  "rules": [
    {
      "id": "fltr_0ujsswThIGTUYm2K8FjOOfxcYpw",
      "direction": "inbound",
      "order": 10,
      "protocol": 6,
      "port": "443",
      "address": "0.0.0.0/0",
      "description": "Allow inbound HTTPS traffic"
    }
  ]
}

Authorizations

Authorization

string

header

required

Authentication is performed via an Auth0-issued JSON Web Token (JWT). Provide the token in the Authorization header with the Bearer scheme.

Path Parameters

securityGroupId

string

required

The unique identifier for the security group to update.

Example:

"sec_grp_0ujsswThIGTUYm2K8FjOOfxcYpw"

Body

application/json

The new state for the security group.

Defines the writable properties for creating or updating a security group.

name

string

required

A human-readable name for the security group.

Required string length: 3 - 255

Example:

"Web Application Firewall"

rules

object[]

required

A list of firewall rules. The order of rules is determined by the order property within each rule object. The entire list of rules is replaced on update.

Maximum array length: 250

Show child attributes

rules.direction

enum<string>

required

The direction of traffic.

Available options:

inbound,

outbound

Example:

"inbound"

rules.order

integer

required

The rule's processing order (1-250), unique within the group.

Required range: 1 <= x <= 250

Example:

100

rules.protocol

integer

required

The IP protocol number (e.g., 6 for TCP). Use the Reference Data endpoint to get a full list.

Example:

6

rules.port

string

required

The port or port range (e.g., "80", "1024-2048"). Must be an empty string for protocols that don't support ports.

Example:

"443"

rules.address

string

required

A valid IPv4 CIDR or a Prefix List ID (prfx_lst_...).

Example:

"prfx_lst_0ujsswThIGTUYm2K8FjOOfxcYpw"

rules.description

string

required

A brief, human-readable description of the rule's purpose.

Maximum string length: 255

Example:

"Allow SSH from management network"

sites

string[]

required

A list of site IDs to which this security group should be applied. The entire list of sites is replaced on update.

description

string | null

An optional description for the security group.

Maximum string length: 1024

Example:

"Allows inbound HTTP/S and blocks common attack vectors."

Response

The updated security group object.

Represents a container for a stateful firewall ruleset.

string

The unique identifier for the security group, prefixed with sec_grp_.

Example:

"sec_grp_0ujsswThIGTUYm2K8FjOOfxcYpw"

name

string

A human-readable name for the security group.

Example:

"Default Web Servers"

description

string

An optional description for the security group, providing more context.

Example:

"Allows inbound HTTP/HTTPS traffic from anywhere."

status

enum<string>

The current synchronization status of the security group. syncing means changes are being deployed and the resource is locked from modification.

Available options:

active,

syncing,

failed

Example:

"active"

sites

string[]

A list of site IDs to which this security group is currently applied.

rules

object[]

An ordered list of firewall rules that define the security policy.

Show child attributes

rules.id

string

The unique identifier for the filter rule, prefixed with fltr_.

Example:

"fltr_0ujsswThIGTUYm2K8FjOOfxcYpw"

rules.direction

enum<string>

The direction of traffic the rule applies to.

Available options:

inbound,

outbound

Example:

"inbound"

rules.order

integer

The processing order of the rule, from lowest to highest. Must be unique within the security group.

Required range: 1 <= x <= 250

Example:

10

rules.protocol

integer

The IP protocol number. Common values are 6 (TCP), 17 (UDP), 1 (ICMP). 0 represents all protocols.

Example:

6

rules.port

string

The destination port or port range. Required for protocols like TCP and UDP. Should be an empty string for protocols that do not use ports (e.g., ICMP).

Example:

"443"

rules.address

string

The source (for inbound) or destination (for outbound) address. Can be a CIDR block or a reference to a Prefix List ID (prfx_lst_...).

Example:

"0.0.0.0/0"

rules.description

string

A human-readable description for the rule.

Example:

"Allow inbound HTTPS traffic"

Retrieve a security group

Delete a security group

⌘I

Getting Started

Platform & Identity

Device Management & Orchestration

Automation & AI

Network Services & Connectivity

Security & Threat Management

Monitoring & Analytics

Core Services & Utilities

Update a security group

Authorizations

Path Parameters

Body

Response