Help Center/ SecMaster/ API Reference (Kuala Lumpur Region)/ API/ Alert Rule Management/ Enabling an Alert Rule
Updated on 2025-07-04 GMT+08:00
Online Debugging
CLI Examples
View PDF
Share

Enabling an Alert Rule

Function

Enable alert rule

Calling Method

For details, see Calling APIs.

URI

POST /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules/enable

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

Project ID.

workspace_id

Yes

String

Workspace ID.

Request Parameters

Table 2 Request header parameters

Parameter

Mandatory

Type

Description

X-Auth-Token

Yes

String

User token. You can obtain the token by calling the IAM API used to obtain a user token.
Table 3 Request body parameters

Parameter

Mandatory

Type

Description

[items]

Yes

Array of strings

Request for enabling an alert rule.

Response Parameters

Status code: 200

Table 4 Response header parameters

Parameter

Type

Description

X-request-id

String

This field is the request ID number for task tracking. Format is request_uuid-timestamp-hostname.
Table 5 Response body parameters

Parameter

Type

Description

fail_list

Array of AlertRule objects

Alert rule ID.

success_list

Array of AlertRule objects

Alert rule ID.
Table 6 AlertRule

Parameter

Type

Description

rule_id

String

Alert rule ID.

pipe_id

String

Data pipeline ID.

pipe_name

String

Data pipeline name.

create_by

String

Creator.

create_time

Long

Creation time.

update_by

String

Updater.

update_time

Long

Update time.

delete_time

Long

Deletion time.

rule_name

String

Alert rule name.

query

String

Query statement.

query_type

String

Query syntax: SQL.

status

String

Status.

enabled: The rule is enabled.

disabled: The rule is disabled.

severity

String

Severity. The options are Informational, Low, Medium, High, and Critical. (TIPS, LOW, MEDIUM, HIGH, FATAL)

custom_properties

Map<String,String>

Custom extension information.

event_grouping

Boolean

Alert group.

schedule

Schedule object

Schedule rule.

triggers

Array of AlertRuleTrigger objects

Alert triggering rules.
Table 7 Schedule

Parameter

Type

Description

frequency_interval

Integer

Scheduling interval.

frequency_unit

String

Scheduling interval unit, which can be minute, hour, or day. (MINUTE, HOUR, DAY)

period_interval

Integer

Time window interval.

period_unit

String

Time window unit, which can be minute, hour, or day. (MINUTE, HOUR, DAY.)

delay_interval

Integer

Delay interval.

overtime_interval

Integer

Timeout interval.
Table 8 AlertRuleTrigger

Parameter

Type

Description

mode

String

Mode and quantity. COUNT.

operator

String

Operator. The value can be:

EQ: Equal to

NE: Not equal to

GT: Greater than

LT: Less than

expression

String

expression

severity

String

Severity. The options are Informational, Low, Medium, High, and Critical. (TIPS, LOW, MEDIUM, HIGH, FATAL)

accumulated_times

Integer

accumulated_times

Status code: 400

Table 9 Response header parameters

Parameter

Type

Description

X-request-id

String

This field is the request ID number for task tracking. Format is request_uuid-timestamp-hostname.

Example Requests

Enable an alert rule. Rule ID: 123123.

[ "123123" ]

Example Responses

Status code: 200

Request succeeded.

{
  "fail_list" : [ ],
  "success_list" : [ ]
}

Status Codes

Status Code

Description

200

Request succeeded.

400

Request failed.

Error Codes

See Error Codes.

Parent topic: Alert Rule Management