Viewing Alert Rule Templates
Function
List alert rule templates
Calling Method
For details, see Calling APIs.
URI
GET /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules/templates/{template_id}
Parameter | Mandatory | Type | Description |
|---|---|---|---|
project_id | Yes | String | Project ID. Project ID. |
workspace_id | Yes | String | Workspace ID. Workspace ID. |
template_id | Yes | String | Alert rule template ID. Alert rule template ID. |
Request Parameters
Parameter | Mandatory | Type | Description |
|---|---|---|---|
X-Auth-Token | Yes | String | User token. You can obtain the token by calling the IAM API used to obtain a user token. Token of an IAM user. To obtain it, call the corresponding IAM API. |
Response Parameters
Status code: 200
Parameter | Type | Description |
|---|---|---|
X-request-id | String | This field is the request ID number for task tracking. Format is request_uuid-timestamp-hostname. |
Parameter | Type | Description |
|---|---|---|
template_id | String | Alert rule template ID. Alert rule template ID. |
update_time | Long | Update time.Update time. |
template_name | String | Alert rule template ID. Alert rule template ID. |
data_source | String | Data source. Data source. |
version | String | Version. Version |
query | String | Query. |
query_type | String | SQL query syntax, SQL. Query type. SQL. |
severity | String | Severity. The options are as follows - Tips - Low - Medium - High - FATAL. |
custom_properties | Map<String,String> | Custom extension information. Custom properties. |
event_grouping | Boolean | Alert group. Alert group. |
schedule | Schedule object | Schedule Rule. |
triggers | Array of AlertRuleTrigger objects | Alert triggering rules. Alert triggers. |
Parameter | Type | Description |
|---|---|---|
frequency_interval | Integer | Scheduling interval. Frequency interval. |
frequency_unit | String | The unit of the scheduling interval. The value can be minute, hour, or day. Frequency unit. MINUTE, HOUR, DAY. |
period_interval | Integer | Time window interval. Period interval. |
period_unit | String | Time Window unit. The value can be minute, hour, or day. Period unit. MINUTE, HOUR, DAY. |
delay_interval | Integer | The delay interval. Delay interval |
overtime_interval | Integer | Timeout interval. Overtime interval |
Parameter | Type | Description |
|---|---|---|
mode | String | Number of modes. Mode. COUNT. |
operator | String | Operator, which can be equal to, not equal to, greater than, or less than. operator. EQ equal, NE not equal, GT greater than, LT less than. |
expression | String | expression |
severity | String | Severity. The options are as follows - Tips - Low - Medium - High - FATAL. |
accumulated_times | Integer | accumulated_times |
Status code: 400
Parameter | Type | Description |
|---|---|---|
X-request-id | String | This field is the request ID number for task tracking. Format is request_uuid-timestamp-hostname. |
Example Requests
None
Example Responses
Status code: 200
Success
{
"template_id" : "443a0117-1aa4-4595-ad4a-796fad4d4950",
"update_time" : 1665221214,
"template_name" : "Alert rule template",
"data_source" : "sec_hss_vul",
"version" : "1.0.0",
"query" : "* | select status, count(*) as count group by status",
"query_type" : "SQL",
"severity" : "TIPS",
"custom_properties" : {
"references" : "https://localhost/references",
"maintainer" : "isap"
},
"event_grouping" : true,
"schedule" : {
"frequency_interval" : 5,
"frequency_unit" : "MINUTE",
"period_interval" : 5,
"period_unit" : "MINUTE",
"delay_interval" : 2,
"overtime_interval" : 10
},
"triggers" : [ {
"mode" : "COUNT",
"operator" : "GT",
"expression" : 10,
"severity" : "TIPS"
} ]
} Status Codes
Status Code | Description |
|---|---|
200 | Success |
400 | Bad Request |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
