Method: folders.locations.eventThreatDetectionCustomModules.patch

Updates the Event Threat Detection custom module with the given name based on the given update mask. Updating the enablement state is supported for both resident and inherited modules (though resident modules cannot have an enablement state of "inherited"). Updating the display name or configuration of a module is supported for resident modules only. The type of a module cannot be changed.

HTTP request


The URL uses gRPC Transcoding syntax.

Path parameters



Identifier. The resource name of the ETD custom module.

Its format is:

  • "organizations/{organization}/locations/{location}/eventThreatDetectionCustomModules/{eventThreatDetectionCustomModule}".
  • "folders/{folder}/locations/{location}/eventThreatDetectionCustomModules/{eventThreatDetectionCustomModule}".
  • "projects/{project}/locations/{location}/eventThreatDetectionCustomModules/{eventThreatDetectionCustomModule}".

Query parameters


string (FieldMask format)

Required. Field mask is used to specify the fields to be overwritten in the EventThreatDetectionCustomModule resource by the update. The fields specified in the updateMask are relative to the resource, not the full request. A field will be overwritten if it is in the mask. If the user does not provide a mask then all fields will be overwritten.

This is a comma-separated list of fully qualified names of fields. Example: "user.displayName,photo".



Optional. When set to true, only validations (including IAM checks) will done for the request (module will not be updated). An OK response indicates the request is valid while an error response indicates the request is invalid. Note that a subsequent request to actually update the module could still fail because 1. the state could have changed (e.g. IAM permission lost) or 2. A failure occurred while trying to update the module.

Request body

The request body contains an instance of EventThreatDetectionCustomModule.

Response body

If successful, the response body contains an instance of EventThreatDetectionCustomModule.

Authorization scopes

Requires the following OAuth scope:


For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the name resource:

  • securitycentermanagement.eventThreatDetectionCustomModules.update

For more information, see the IAM documentation.