Help Center/ SecMaster/ API Reference/ API/ Alert Rule Management/ Simulating an Alert Rule

Updated on 2024-12-25 GMT+08:00

View PDF

Simulating an Alert Rule

Function

Simulate alert rule

Calling Method

For details, see Calling APIs.

URI

POST /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules/simulation

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID. Project ID.
workspace_id	Yes	String	Workspace ID. Workspace ID.

Request Parameters

**Table 2** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	User token. You can obtain the token by calling the IAM API used to obtain a user token. Token of an IAM user. To obtain it, call the corresponding IAM API.

**Table 3** Request body parameters
Parameter	Mandatory	Type	Description
pipe_id	Yes	String	Pipeline ID.Pipe ID.
query	Yes	String	Query.
query_type	No	String	SQL query syntax. Query type. SQL.
from	Yes	Long	Start time.Start time.
to	Yes	Long	End time.End time.
event_grouping	No	Boolean	Alert group. Incident group.
triggers	Yes	Array of AlertRuleTrigger objects	Alert triggering rules. Alert triggers.

**Table 4** AlertRuleTrigger
Parameter	Mandatory	Type	Description
mode	No	String	Number of modes. Mode. COUNT.
operator	No	String	Operator, which can be equal to, not equal to, greater than, or less than. operator. EQ equal, NE not equal, GT greater than, LT less than.
expression	Yes	String	expression
severity	No	String	Severity. The options are as follows - Tips - Low - Medium - High - FATAL.
accumulated_times	No	Integer	accumulated_times

Response Parameters

Status code: 200

**Table 5** Response header parameters
Parameter	Type	Description
X-request-id	String	This field is the request ID number for task tracking. Format is request_uuid-timestamp-hostname.

**Table 6** Response body parameters
Parameter	Type	Description
alert_count	Integer	Number of alarms. Alert count.
severity	String	Severity. The options are as follows - Tips - Low - Medium - High - Critical Severity.

Status code: 400

**Table 7** Response header parameters
Parameter	Type	Description
X-request-id	String	This field is the request ID number for task tracking. Format is request_uuid-timestamp-hostname.

Example Requests

Simulate an alarm rule. The ID of the pipe to which the alarm rule belongs is ead2769b-afb0-45dd-b9fa-a2953e6ac82f, the query type is SQL, and the severity is Warning.

{
  "pipe_id" : "ead2769b-afb0-45dd-b9fa-a2953e6ac82f",
  "query" : "* | select status, count(*) as count group by status",
  "query_type" : "SQL",
  "event_grouping" : true,
  "from" : 1665221214000,
  "to" : 1665546370000,
  "triggers" : [ {
    "mode" : "COUNT",
    "operator" : "GT",
    "expression" : 10,
    "severity" : "TIPS"
  } ]
}

Example Responses

Status code: 200

Success

{
  "alert_count" : 100,
  "severity" : "TIPS"
}

Status Codes

Status Code	Description
200	Success
400	Bad Request

Error Codes

See Error Codes.

Parent topic: Alert Rule Management

Previous topic: Updating an Alert Rule

Next topic: Total number of alert rules

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel