NAME
    gcloud alpha compute security-policies update - update a Compute Engine
        security policy

SYNOPSIS
    gcloud alpha compute security-policies update NAME
        [--ddos-protection=DDOS_PROTECTION] [--description=DESCRIPTION]
        [--enable-layer7-ddos-defense] [--enable-ml]
        [--json-custom-content-types=[CONTENT_TYPE,...]]
        [--json-parsing=JSON_PARSING]
        [--layer7-ddos-defense-auto-deploy-confidence-threshold=LAYER7_DDOS_DEFENSE_AUTO_DEPLOY_CONFIDENCE_THRESHOLD]
        [--layer7-ddos-defense-auto-deploy-expiration-sec=LAYER7_DDOS_DEFENSE_AUTO_DEPLOY_EXPIRATION_SEC]
        [--layer7-ddos-defense-auto-deploy-impacted-baseline-threshold=LAYER7_DDOS_DEFENSE_AUTO_DEPLOY_IMPACTED_BASELINE_THRESHOLD]
        [--layer7-ddos-defense-auto-deploy-load-threshold=LAYER7_DDOS_DEFENSE_AUTO_DEPLOY_LOAD_THRESHOLD]
        [--layer7-ddos-defense-rule-visibility=VISIBILITY_TYPE]
        [--log-level=LOG_LEVEL]
        [--network-ddos-adaptive-protection=NETWORK_DDOS_ADAPTIVE_PROTECTION]
        [--network-ddos-protection=NETWORK_DDOS_PROTECTION]
        [--recaptcha-redirect-site-key=RECAPTCHA_REDIRECT_SITE_KEY]
        [--request-body-inspection-size=REQUEST_BODY_INSPECTION_SIZE]
        [--user-ip-request-headers=[USER_IP_REQUEST_HEADER,...]]
        [--clear-network-ddos-impacted-baseline-threshold
          | --network-ddos-impacted-baseline-threshold=NETWORK_DDOS_IMPACTED_BASELINE_THRESHOLD]
        [--global | --region=REGION] [GCLOUD_WIDE_FLAG ...]

DESCRIPTION
    (ALPHA) gcloud alpha compute security-policies update is used to update
    security policies.

EXAMPLES
    To update the description run this:

        $ gcloud alpha compute security-policies update SECURITY_POLICY \
            --description='new description'

POSITIONAL ARGUMENTS
     NAME
        Name of the security policy to update.

FLAGS
     --ddos-protection=DDOS_PROTECTION
        The DDoS protection level for network load balancing and instances with
        external IPs. DDOS_PROTECTION must be one of: STANDARD, ADVANCED,
        ADVANCED_PREVIEW.

     --description=DESCRIPTION
        An optional, textual description for the security policy.

     --enable-layer7-ddos-defense
        Whether to enable Cloud Armor Layer 7 DDoS Defense Adaptive Protection.

     --enable-ml
        Whether to enable Cloud Armor Adaptive Protection

     --json-custom-content-types=[CONTENT_TYPE,...]
        A comma-separated list of custom Content-Type header values to apply
        JSON parsing for preconfigured WAF rules. Only applicable when JSON
        parsing is enabled, like --json-parsing=STANDARD. When configuring a
        Content-Type header value, only the type/subtype needs to be specified,
        and the parameters should be excluded.

     --json-parsing=JSON_PARSING
        The JSON parsing behavior for this rule. Must be one of the following
        values: [DISABLED, STANDARD, STANDARD_WITH_GRAPHQL]. JSON_PARSING must
        be one of: DISABLED, STANDARD, STANDARD_WITH_GRAPHQL.

     --layer7-ddos-defense-auto-deploy-confidence-threshold=LAYER7_DDOS_DEFENSE_AUTO_DEPLOY_CONFIDENCE_THRESHOLD
        Confidence threshold above which Adaptive Protection's auto-deploy
        takes actions

     --layer7-ddos-defense-auto-deploy-expiration-sec=LAYER7_DDOS_DEFENSE_AUTO_DEPLOY_EXPIRATION_SEC
        Duration over which Adaptive Protection's auto-deployed actions last

     --layer7-ddos-defense-auto-deploy-impacted-baseline-threshold=LAYER7_DDOS_DEFENSE_AUTO_DEPLOY_IMPACTED_BASELINE_THRESHOLD
        Impacted baseline threshold below which Adaptive Protection's
        auto-deploy takes actions

     --layer7-ddos-defense-auto-deploy-load-threshold=LAYER7_DDOS_DEFENSE_AUTO_DEPLOY_LOAD_THRESHOLD
        Load threshold above which Adaptive Protection's auto-deploy takes
        actions

     --layer7-ddos-defense-rule-visibility=VISIBILITY_TYPE
        The visibility type indicates whether the rules are opaque or
        transparent. VISIBILITY_TYPE must be one of: STANDARD, PREMIUM.

     --log-level=LOG_LEVEL
        The level of detail to display for WAF logging. LOG_LEVEL must be one
        of: NORMAL, VERBOSE.

     --network-ddos-adaptive-protection=NETWORK_DDOS_ADAPTIVE_PROTECTION
        The DDoS adaptive protection level for network load balancing and
        instances with external IPs. NETWORK_DDOS_ADAPTIVE_PROTECTION must be
        one of: DISABLED, ENABLED, PREVIEW.

     --network-ddos-protection=NETWORK_DDOS_PROTECTION
        The DDoS protection level for network load balancing and instances with
        external IPs. NETWORK_DDOS_PROTECTION must be one of: STANDARD,
        ADVANCED, ADVANCED_PREVIEW.

     --recaptcha-redirect-site-key=RECAPTCHA_REDIRECT_SITE_KEY
        The reCAPTCHA site key to be used for rules using the redirect action
        and the google-recaptcha redirect type under the security policy.

     --request-body-inspection-size=REQUEST_BODY_INSPECTION_SIZE
        Maximum request body inspection size. REQUEST_BODY_INSPECTION_SIZE must
        be one of: 8KB, 16KB, 32KB, 48KB, 64KB.

     --user-ip-request-headers=[USER_IP_REQUEST_HEADER,...]
        A comma-separated list of request header names to use for resolving the
        caller's user IP address.

     At most one of these can be specified:

       --clear-network-ddos-impacted-baseline-threshold
          If provided, clears the Network DDoS impacted baseline threshold from
          the security policy.

       --network-ddos-impacted-baseline-threshold=NETWORK_DDOS_IMPACTED_BASELINE_THRESHOLD
          DDoS Protection for Network Load Balancers (and VMs with public IPs)
          builds DDoS mitigations that minimize collateral damage. It
          quantifies this as the fraction of a non-abuse baseline that's
          inadvertently blocked. Rules whose collateral damage exceeds
          ddosImpactedBaselineThreshold will not be deployed. Using a lower
          value will prioritize keeping collateral damage low, possibly at the
          cost of its effectiveness in rate limiting some or all of the attack.
          It should typically be unset, so Advanced DDoS (and Adaptive
          Protection) uses the best mitigation it can find. Setting the
          threshold is advised if there are logs for false positive detections
          with high collateral damage, and will cause Advanced DDoS to attempt
          to find a less aggressive rule that satisfies the constraint. If a
          suitable rule cannot be found, the system falls back to either no
          mitigation for smaller attacks or broader network throttles for
          larger ones.

     At most one of these can be specified:

       --global
          If set, the security policy is global.

       --region=REGION
          Region of the security policy to update. Overrides the default
          compute/region property value for this command invocation.

GCLOUD WIDE FLAGS
    These flags are available to all commands: --access-token-file, --account,
    --billing-project, --configuration, --flags-file, --flatten, --format,
    --help, --impersonate-service-account, --log-http, --project, --quiet,
    --trace-token, --user-output-enabled, --verbosity.

    Run $ gcloud help for details.

NOTES
    This command is currently in alpha and might change without notice. If this
    command fails with API permission errors despite specifying the correct
    project, you might be trying to access an API with an invitation-only early
    access allowlist. These variants are also available:

        $ gcloud compute security-policies update

        $ gcloud beta compute security-policies update

