文档首页> 安全云脑 SecMaster> API参考> API> 告警规则管理> 列出告警规则
更新时间:2024-03-20 GMT+08:00
在线调试
CLI示例
查看PDF
分享

列出告警规则

功能介绍

List alert rules

调用方法

请参见如何调用API

URI

GET /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules

表1 路径参数

参数

是否必选

参数类型

描述

project_id

String

项目 ID。Project ID.

最小长度:32

最大长度:36

workspace_id

String

工作空间 ID。Workspace ID.

最小长度:32

最大长度:36
表2 Query参数

参数

是否必选

参数类型

描述

offset

Long

偏移量。Offset.

最小值:0

最大值:9223372036854775807

limit

Long

条数。Limit.

最小值:10

最大值:50

sort_key

String

排序字段。Sort key

最小长度:1

最大长度:256

sort_dir

String

排序顺序,顺序、逆序。Sort direction, asc, desc。

枚举值:

  • asc

  • desc

pipe_id

String

数据管道 ID。Pipe ID.

最小长度:36

最大长度:36

rule_name

String

告警规则名称。Alert rule name.

最小长度:1

最大长度:256

rule_id

String

告警规则 ID。Alert rule ID.

最小长度:36

最大长度:36

status

Array

启用状态,启用、停用。Status, enabled, disabled.

最小长度:1

最大长度:256

数组长度:1 - 2

枚举值:

  • ENABLED

  • DISABLED

severity

Array

严重程度,提示、低危、中危、高危、致命。Severity. TIPS, LOW, MEDIUM, HIGH, FATAL

数组长度:1 - 5

枚举值:

  • TIPS

  • LOW

  • MEDIUM

  • HIGH

  • FATAL

请求参数

表3 请求Header参数

参数

是否必选

参数类型

描述

X-Auth-Token

String

用户Token,通过调用IAM服务获取用户Token接口获取。 IAM user token, fetch from IAM api.

最小长度:1

最大长度:2097152

响应参数

状态码: 200

表4 响应Header参数

参数

参数类型

描述

X-request-id

String

This field is the request ID number for task tracking. Format is request_uuid-timestamp-hostname.
表5 响应Body参数

参数

参数类型

描述

count

Long

总数量。Total count.

最小值:0

最大值:9223372036854775807

records

Array of AlertRule objects

告警模型。Alert rules.

数组长度:0 - 100
表6 AlertRule

参数

参数类型

描述

rule_id

String

告警规则 ID。Alert rule ID.

最小长度:36

最大长度:36

pipe_id

String

数据管道 ID。Pipe ID.

最小长度:36

最大长度:36

pipe_name

String

数据管道名称。Pipe name.

最小长度:5

最大长度:63

create_by

String

创建人。Create by.

最小长度:1

最大长度:255

create_time

Long

创建时间。Create time.

最小值:0

最大值:9223372036854775807

update_by

String

更新人。Update by.

最小长度:1

最大长度:255

update_time

Long

更新时间。Update time.

最小值:0

最大值:9223372036854775807

delete_time

Long

删除时间。Delete time.

最小值:0

最大值:9223372036854775807

rule_name

String

告警规则名称。Alert rule name.

最小长度:1

最大长度:255

query

String

查询语句。Query.

最小长度:1

最大长度:1024

query_type

String

查询语法,SQL。Query type. SQL.

缺省值:SQL

最小长度:1

最大长度:255

枚举值:

  • SQL

status

String

启用状态,启用、停用。Status, enabled, disabled.

缺省值:ENABLED

最小长度:1

最大长度:255

枚举值:

  • ENABLED

  • DISABLED

severity

String

严重程度,提示、低危、中危、高危、致命。Severity. TIPS, LOW, MEDIUM, HIGH, FATAL

缺省值:TIPS

最小长度:1

最大长度:255

枚举值:

  • TIPS

  • LOW

  • MEDIUM

  • HIGH

  • FATAL

custom_properties

Map<String,String>

自定义扩展信息。Custom properties.

event_grouping

Boolean

告警分组。Event grouping.

缺省值:true

schedule

Schedule object

triggers

Array of AlertRuleTrigger objects

告警触发规则。Alert triggers.

数组长度:1 - 5
表7 Schedule

参数

参数类型

描述

frequency_interval

Integer

调度间隔。Frequency interval.

最小值:1

最大值:60

frequency_unit

String

调度间隔单位,分钟、小时、天。Frequency unit. MINUTE, HOUR, DAY.

最小长度:1

最大长度:255

枚举值:

  • MINUTE

  • HOUR

  • DAY

period_interval

Integer

时间窗口间隔。Period interval.

最小值:1

最大值:60

period_unit

String

时间窗口单位,分钟、小时、天。Period unit. MINUTE, HOUR, DAY.

最小长度:1

最大长度:255

枚举值:

  • MINUTE

  • HOUR

  • DAY

delay_interval

Integer

延迟间隔。Delay interval

最小值:0

最大值:10

缺省值:0

overtime_interval

Integer

超时间隔。Overtime interval

最小值:0

最大值:10

缺省值:10
表8 AlertRuleTrigger

参数

参数类型

描述

mode

String

模式,数量。Mode. COUNT.

缺省值:COUNT

最小长度:1

最大长度:255

枚举值:

  • COUNT

operator

String

操作符,等于、不等于、大于、小于。 operator. EQ equal, NE not equal, GT greater than, LT less than.

缺省值:GT

最小长度:1

最大长度:255

枚举值:

  • EQ

  • NE

  • GT

  • LT

expression

String

expression

最小长度:1

最大长度:255

severity

String

严重程度,提示、低危、中危、高危、致命。Severity. TIPS, LOW, MEDIUM, HIGH, FATAL

最小长度:1

最大长度:255

枚举值:

  • TIPS

  • LOW

  • MEDIUM

  • HIGH

  • FATAL

accumulated_times

Integer

accumulated_times

最小值:1

最大值:1000

缺省值:1

状态码: 400

表9 响应Header参数

参数

参数类型

描述

X-request-id

String

This field is the request ID number for task tracking. Format is request_uuid-timestamp-hostname.

请求示例

响应示例

状态码: 200

Success

{
  "count" : 9223372036854776000,
  "records" : [ {
    "rule_id" : "443a0117-1aa4-4595-ad4a-796fad4d4950",
    "pipe_id" : "772fb35b-83bc-46c9-a0b1-ebe31070a889",
    "create_by" : "582dd19dd99d4505a1d7929dc943b169",
    "create_time" : 1665221214,
    "update_by" : "582dd19dd99d4505a1d7929dc943b169",
    "update_time" : 1665221214,
    "delete_time" : 0,
    "rule_name" : "Alert rule",
    "query" : "* | select status, count(*) as count group by status",
    "query_type" : "SQL",
    "status" : "ENABLED",
    "severity" : "TIPS",
    "custom_properties" : {
      "references" : "https://localhost/references",
      "maintainer" : "isap"
    },
    "event_grouping" : true,
    "schedule" : {
      "frequency_interval" : 5,
      "frequency_unit" : "MINUTE",
      "period_interval" : 5,
      "period_unit" : "MINUTE",
      "delay_interval" : 2,
      "overtime_interval" : 10
    },
    "triggers" : [ {
      "mode" : "COUNT",
      "operator" : "GT",
      "expression" : 10,
      "severity" : "TIPS"
    } ]
  } ]
}

SDK代码示例

SDK代码示例如下。

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
 
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.secmaster.v2.region.SecMasterRegion;
import com.huaweicloud.sdk.secmaster.v2.*;
import com.huaweicloud.sdk.secmaster.v2.model.*;

import java.util.List;
import java.util.ArrayList;

public class ListAlertRulesSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");

        ICredential auth = new BasicCredentials()
                .withAk(ak)
                .withSk(sk);

        SecMasterClient client = SecMasterClient.newBuilder()
                .withCredential(auth)
                .withRegion(SecMasterRegion.valueOf("<YOUR REGION>"))
                .build();
        ListAlertRulesRequest request = new ListAlertRulesRequest();
        request.withOffset(<offset>L);
        request.withLimit(<limit>L);
        request.withSortKey("<sort_key>");
        request.withSortDir(ListAlertRulesRequest.SortDirEnum.fromValue("<sort_dir>"));
        request.withPipeId("<pipe_id>");
        request.withRuleName("<rule_name>");
        request.withRuleId("<rule_id>");
        request.withStatus();
        request.withSeverity();
        try {
            ListAlertRulesResponse response = client.listAlertRules(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
 
# coding: utf-8

from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdksecmaster.v2.region.secmaster_region import SecMasterRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdksecmaster.v2 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = __import__('os').getenv("CLOUD_SDK_AK")
    sk = __import__('os').getenv("CLOUD_SDK_SK")

    credentials = BasicCredentials(ak, sk) \

    client = SecMasterClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(SecMasterRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = ListAlertRulesRequest()
        request.offset = <offset>
        request.limit = <limit>
        request.sort_key = "<sort_key>"
        request.sort_dir = "<sort_dir>"
        request.pipe_id = "<pipe_id>"
        request.rule_name = "<rule_name>"
        request.rule_id = "<rule_id>"
        request.status = 
        request.severity = 
        response = client.list_alert_rules(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
 
package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    secmaster "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/secmaster/v2"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/secmaster/v2/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/secmaster/v2/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        Build()

    client := secmaster.NewSecMasterClient(
        secmaster.SecMasterClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.ListAlertRulesRequest{}
	request.Offset = int64(<offset>)
	request.Limit = int64(<limit>)
	sortKeyRequest:= "<sort_key>"
	request.SortKey = &sortKeyRequest
	sortDirRequest:= model.GetListAlertRulesRequestSortDirEnum().<SORT_DIR>
	request.SortDir = &sortDirRequest
	pipeIdRequest:= "<pipe_id>"
	request.PipeId = &pipeIdRequest
	ruleNameRequest:= "<rule_name>"
	request.RuleName = &ruleNameRequest
	ruleIdRequest:= "<rule_id>"
	request.RuleId = &ruleIdRequest
	response, err := client.ListAlertRules(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

更多编程语言的SDK代码示例,请参见API Explorer的代码示例页签,可生成自动对应的SDK代码示例。

状态码

状态码

描述

200

Success

400

Bad Request

错误码

请参见错误码

父主题: 告警规则管理
分享:

    相关文档

    相关产品