Listing Alert Rules
Function
List alert rules
Calling Method
For details, see Calling APIs.
URI
GET /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
project_id |
Yes |
String |
Project ID. |
|
workspace_id |
Yes |
String |
Workspace ID. |
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
offset |
Yes |
Long |
Offset. |
|
limit |
Yes |
Long |
Number of items. |
|
sort_key |
No |
String |
Sorting field. |
|
sort_dir |
No |
String |
Sorting order. You can sort fields in ascending or descending order. |
|
pipe_id |
No |
String |
Data pipeline ID. |
|
rule_name |
No |
String |
Alert rule name. |
|
rule_id |
No |
String |
Alert rule ID. |
|
status |
No |
Array of strings |
Status. enabled: The rule is enabled. disabled: The rule is disabled. |
|
severity |
No |
Array of strings |
Severity. The options are Informational, Low, Medium, High, and Critical. (TIPS, LOW, MEDIUM, HIGH, FATAL) |
Request Parameters
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
X-Auth-Token |
Yes |
String |
User token. You can obtain the token by calling the IAM API used to obtain a user token. |
Response Parameters
Status code: 200
|
Parameter |
Type |
Description |
|---|---|---|
|
X-request-id |
String |
This field is the request ID number for task tracking. Format is request_uuid-timestamp-hostname. |
|
Parameter |
Type |
Description |
|---|---|---|
|
count |
Long |
Total number. |
|
records |
Array of AlertRule objects |
Alert model. |
|
Parameter |
Type |
Description |
|---|---|---|
|
rule_id |
String |
Alert rule ID. |
|
pipe_id |
String |
Data pipeline ID. |
|
pipe_name |
String |
Data pipeline name. |
|
create_by |
String |
Creator. |
|
create_time |
Long |
Creation time. |
|
update_by |
String |
Updater. |
|
update_time |
Long |
Update time. |
|
delete_time |
Long |
Deletion time. |
|
rule_name |
String |
Alert rule name. |
|
query |
String |
Query statement. |
|
query_type |
String |
Query syntax: SQL. |
|
status |
String |
Status. enabled: The rule is enabled. disabled: The rule is disabled. |
|
severity |
String |
Severity. The options are Informational, Low, Medium, High, and Critical. (TIPS, LOW, MEDIUM, HIGH, FATAL) |
|
custom_properties |
Map<String,String> |
Custom extension information. |
|
event_grouping |
Boolean |
Alert group. |
|
schedule |
Schedule object |
Schedule rule. |
|
triggers |
Array of AlertRuleTrigger objects |
Alert triggering rules. |
|
Parameter |
Type |
Description |
|---|---|---|
|
frequency_interval |
Integer |
Scheduling interval. |
|
frequency_unit |
String |
Scheduling interval unit, which can be minute, hour, or day. (MINUTE, HOUR, DAY) |
|
period_interval |
Integer |
Time window interval. |
|
period_unit |
String |
Time window unit, which can be minute, hour, or day. (MINUTE, HOUR, DAY.) |
|
delay_interval |
Integer |
Delay interval. |
|
overtime_interval |
Integer |
Timeout interval. |
|
Parameter |
Type |
Description |
|---|---|---|
|
mode |
String |
Mode and quantity. COUNT. |
|
operator |
String |
Operator. The value can be: EQ: Equal to NE: Not equal to GT: Greater than LT: Less than |
|
expression |
String |
expression |
|
severity |
String |
Severity. The options are Informational, Low, Medium, High, and Critical. (TIPS, LOW, MEDIUM, HIGH, FATAL) |
|
accumulated_times |
Integer |
accumulated_times |
Status code: 400
|
Parameter |
Type |
Description |
|---|---|---|
|
X-request-id |
String |
This field is the request ID number for task tracking. Format is request_uuid-timestamp-hostname. |
Example Requests
None
Example Responses
Status code: 200
Request succeeded.
{
"count" : 9223372036854776000,
"records" : [ {
"rule_id" : "443a0117-1aa4-4595-ad4a-796fad4d4950",
"pipe_id" : "772fb35b-83bc-46c9-a0b1-ebe31070a889",
"create_by" : "582dd19dd99d4505a1d7929dc943b169",
"create_time" : 1665221214,
"update_by" : "582dd19dd99d4505a1d7929dc943b169",
"update_time" : 1665221214,
"delete_time" : 0,
"rule_name" : "Alert rule",
"query" : "* | select status, count(*) as count group by status",
"query_type" : "SQL",
"status" : "ENABLED",
"severity" : "TIPS",
"custom_properties" : {
"references" : "https://localhost/references",
"maintainer" : "isap"
},
"event_grouping" : true,
"schedule" : {
"frequency_interval" : 5,
"frequency_unit" : "MINUTE",
"period_interval" : 5,
"period_unit" : "MINUTE",
"delay_interval" : 2,
"overtime_interval" : 10
},
"triggers" : [ {
"mode" : "COUNT",
"operator" : "GT",
"expression" : 10,
"severity" : "TIPS"
} ]
} ]
}
Status Codes
|
Status Code |
Description |
|---|---|
|
200 |
Request succeeded. |
|
400 |
Request failed. |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
