Viewing Alert Rule Templates
Function
List alert rule templates
Calling Method
For details, see Calling APIs.
URI
GET /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules/templates/{template_id}
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
project_id |
Yes |
String |
Project ID. |
|
workspace_id |
Yes |
String |
Workspace ID. |
|
template_id |
Yes |
String |
Alert rule template ID. |
Request Parameters
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
X-Auth-Token |
Yes |
String |
User token. You can obtain the token by calling the IAM API used to obtain a user token. |
Response Parameters
Status code: 200
|
Parameter |
Type |
Description |
|---|---|---|
|
X-request-id |
String |
This field is the request ID number for task tracking. Format is request_uuid-timestamp-hostname. |
|
Parameter |
Type |
Description |
|---|---|---|
|
template_id |
String |
Alert rule template ID. |
|
update_time |
Long |
Update time. |
|
template_name |
String |
Name of the alert rule template. |
|
data_source |
String |
Data source. |
|
version |
String |
Version. |
|
query |
String |
Query statement. |
|
query_type |
String |
Query syntax: SQL. |
|
severity |
String |
Severity. The options are Informational, Low, Medium, High, and Critical. (TIPS, LOW, MEDIUM, HIGH, FATAL) |
|
custom_properties |
Map<String,String> |
Custom extension information. |
|
event_grouping |
Boolean |
Alert group. |
|
schedule |
Schedule object |
Schedule rule. |
|
triggers |
Array of AlertRuleTrigger objects |
Alert triggering rules. |
|
Parameter |
Type |
Description |
|---|---|---|
|
frequency_interval |
Integer |
Scheduling interval. |
|
frequency_unit |
String |
Scheduling interval unit, which can be minute, hour, or day. (MINUTE, HOUR, DAY) |
|
period_interval |
Integer |
Time window interval. |
|
period_unit |
String |
Time window unit, which can be minute, hour, or day. (MINUTE, HOUR, DAY.) |
|
delay_interval |
Integer |
Delay interval. |
|
overtime_interval |
Integer |
Timeout interval. |
|
Parameter |
Type |
Description |
|---|---|---|
|
mode |
String |
Mode and quantity. COUNT. |
|
operator |
String |
Operator. The value can be: EQ: Equal to NE: Not equal to GT: Greater than LT: Less than |
|
expression |
String |
expression |
|
severity |
String |
Severity. The options are Informational, Low, Medium, High, and Critical. (TIPS, LOW, MEDIUM, HIGH, FATAL) |
|
accumulated_times |
Integer |
accumulated_times |
Status code: 400
|
Parameter |
Type |
Description |
|---|---|---|
|
X-request-id |
String |
This field is the request ID number for task tracking. Format is request_uuid-timestamp-hostname. |
Example Requests
None
Example Responses
Status code: 200
Request succeeded.
{
"template_id" : "443a0117-1aa4-4595-ad4a-796fad4d4950",
"update_time" : 1665221214,
"template_name" : "Alert rule template",
"data_source" : "sec_hss_vul",
"version" : "1.0.0",
"query" : "* | select status, count(*) as count group by status",
"query_type" : "SQL",
"severity" : "TIPS",
"custom_properties" : {
"references" : "https://localhost/references",
"maintainer" : "isap"
},
"event_grouping" : true,
"schedule" : {
"frequency_interval" : 5,
"frequency_unit" : "MINUTE",
"period_interval" : 5,
"period_unit" : "MINUTE",
"delay_interval" : 2,
"overtime_interval" : 10
},
"triggers" : [ {
"mode" : "COUNT",
"operator" : "GT",
"expression" : 10,
"severity" : "TIPS"
} ]
}
Status Codes
|
Status Code |
Description |
|---|---|
|
200 |
Request succeeded. |
|
400 |
Request failed. |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
