Updating an Alert Rule
Function
Update alert rule
Calling Method
For details, see Calling APIs.
URI
PUT /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules/{rule_id}
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
project_id |
Yes |
String |
Project ID. Project ID. Minimum: 32 Maximum: 36 |
|
workspace_id |
Yes |
String |
Workspace ID. Workspace ID. Minimum: 32 Maximum: 36 |
|
rule_id |
Yes |
String |
Alert rule ID. Minimum: 36 Maximum: 36 |
Request Parameters
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
X-Auth-Token |
Yes |
String |
User token. You can obtain the token by calling the IAM API used to obtain a user token. Token of an IAM user. To obtain it, call the corresponding IAM API. Minimum: 1 Maximum: 2097152 |
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
rule_name |
No |
String |
Alert rule name. Minimum: 1 Maximum: 255 |
|
description |
No |
String |
Description.Description. Minimum: 0 Maximum: 1024 |
|
query |
No |
String |
Query. Minimum: 1 Maximum: 1024 |
|
query_type |
No |
String |
SQL query syntax. Query type. SQL. Default: SQL Minimum: 1 Maximum: 255 Enumeration values:
|
|
status |
No |
String |
Status. The options are as follows - Enabled - Disabled Default: ENABLED Minimum: 1 Maximum: 255 Enumeration values:
|
|
severity |
No |
String |
Severity. The options are as follows - Tips - Low - Medium - High - Critical Severity. Default: TIPS Minimum: 1 Maximum: 255 Enumeration values:
|
|
custom_properties |
No |
Map<String,String> |
Custom extension information. Custom properties. |
|
alert_type |
No |
Map<String,String> |
Alert type. Alert type. |
|
event_grouping |
No |
Boolean |
Alert group. Alert group. Default: true |
|
suppression |
No |
Boolean |
Alert containment. Suppression Default: true |
|
simulation |
No |
Boolean |
Simulated alerts. Simulation. Default: true |
|
schedule |
No |
Schedule object |
|
|
triggers |
No |
Array of AlertRuleTrigger objects |
Alert triggering rules. Alert triggers. Array Length: 1 - 5 |
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
frequency_interval |
Yes |
Integer |
Scheduling interval. Frequency interval. Minimum: 1 Maximum: 60 |
|
frequency_unit |
Yes |
String |
The unit of the scheduling interval. The value can be minute, hour, or day. Frequency unit. MINUTE, HOUR, DAY. Minimum: 1 Maximum: 255 Enumeration values:
|
|
period_interval |
Yes |
Integer |
Time window interval. Period interval. Minimum: 1 Maximum: 60 |
|
period_unit |
Yes |
String |
Time Window unit. The value can be minute, hour, or day. Period unit. MINUTE, HOUR, DAY. Minimum: 1 Maximum: 255 Enumeration values:
|
|
delay_interval |
No |
Integer |
The delay interval. Delay interval Minimum: 0 Maximum: 10 Default: 0 |
|
overtime_interval |
No |
Integer |
Timeout interval. Overtime interval Minimum: 0 Maximum: 10 Default: 10 |
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
mode |
No |
String |
Number of modes. Mode. COUNT. Default: COUNT Minimum: 1 Maximum: 255 Enumeration values:
|
|
operator |
No |
String |
Operator, which can be equal to, not equal to, greater than, or less than. operator. EQ equal, NE not equal, GT greater than, LT less than. Default: GT Minimum: 1 Maximum: 255 Enumeration values:
|
|
expression |
Yes |
String |
expression Minimum: 1 Maximum: 255 |
|
severity |
No |
String |
Severity. The options are as follows - Tips - Low - Medium - High - Critical Severity. Minimum: 1 Maximum: 255 Enumeration values:
|
|
accumulated_times |
No |
Integer |
accumulated_times Minimum: 1 Maximum: 1000 Default: 1 |
Response Parameters
Status code: 200
|
Parameter |
Type |
Description |
|---|---|---|
|
X-request-id |
String |
This field is the request ID number for task tracking. Format is request_uuid-timestamp-hostname. |
|
Parameter |
Type |
Description |
|---|---|---|
|
rule_id |
String |
Alert rule ID. Minimum: 36 Maximum: 36 |
|
pipe_id |
String |
Pipeline ID.Pipe ID. Minimum: 36 Maximum: 36 |
|
pipe_name |
String |
Data pipeline name.Pipe name. Minimum: 5 Maximum: 63 |
|
create_by |
String |
Created by. Created by. Minimum: 1 Maximum: 255 |
|
create_time |
Long |
Creation time. Create time. Minimum: 0 Maximum: 9223372036854775807 |
|
update_by |
String |
Updated by. Update by. Minimum: 1 Maximum: 255 |
|
update_time |
Long |
Update time. Update time. Minimum: 0 Maximum: 9223372036854775807 |
|
delete_time |
Long |
The deletion time. Delete time. Minimum: 0 Maximum: 9223372036854775807 |
|
rule_name |
String |
Alert rule name. Minimum: 1 Maximum: 255 |
|
query |
String |
Query. Minimum: 1 Maximum: 1024 |
|
query_type |
String |
SQL query syntax. Query type. SQL. Default: SQL Minimum: 1 Maximum: 255 Enumeration values:
|
|
status |
String |
Status. The options are as follows - Enabled - Disabled Default: ENABLED Minimum: 1 Maximum: 255 Enumeration values:
|
|
severity |
String |
Severity. The options are as follows - Tips - Low - Medium - High - Critical Severity. Default: TIPS Minimum: 1 Maximum: 255 Enumeration values:
|
|
custom_properties |
Map<String,String> |
Custom extension information. Custom properties. |
|
event_grouping |
Boolean |
Alert group. Alert group. Default: true |
|
schedule |
Schedule object |
|
|
triggers |
Array of AlertRuleTrigger objects |
Alert triggering rules. Alert triggers. Array Length: 1 - 5 |
|
Parameter |
Type |
Description |
|---|---|---|
|
frequency_interval |
Integer |
Scheduling interval. Frequency interval. Minimum: 1 Maximum: 60 |
|
frequency_unit |
String |
The unit of the scheduling interval. The value can be minute, hour, or day. Frequency unit. MINUTE, HOUR, DAY. Minimum: 1 Maximum: 255 Enumeration values:
|
|
period_interval |
Integer |
Time window interval. Period interval. Minimum: 1 Maximum: 60 |
|
period_unit |
String |
Time Window unit. The value can be minute, hour, or day. Period unit. MINUTE, HOUR, DAY. Minimum: 1 Maximum: 255 Enumeration values:
|
|
delay_interval |
Integer |
The delay interval. Delay interval Minimum: 0 Maximum: 10 Default: 0 |
|
overtime_interval |
Integer |
Timeout interval. Overtime interval Minimum: 0 Maximum: 10 Default: 10 |
|
Parameter |
Type |
Description |
|---|---|---|
|
mode |
String |
Number of modes. Mode. COUNT. Default: COUNT Minimum: 1 Maximum: 255 Enumeration values:
|
|
operator |
String |
Operator, which can be equal to, not equal to, greater than, or less than. operator. EQ equal, NE not equal, GT greater than, LT less than. Default: GT Minimum: 1 Maximum: 255 Enumeration values:
|
|
expression |
String |
expression Minimum: 1 Maximum: 255 |
|
severity |
String |
Severity. The options are as follows - Tips - Low - Medium - High - Critical Severity. Minimum: 1 Maximum: 255 Enumeration values:
|
|
accumulated_times |
Integer |
accumulated_times Minimum: 1 Maximum: 1000 Default: 1 |
Status code: 400
|
Parameter |
Type |
Description |
|---|---|---|
|
X-request-id |
String |
This field is the request ID number for task tracking. Format is request_uuid-timestamp-hostname. |
Example Requests
Update an alert rule whose name is Alert rule, query type is SQL, status is Enabled, and Severity is Warning.
{
"rule_name" : "Alert rule",
"query" : "* | select status, count(*) as count group by status",
"query_type" : "SQL",
"status" : "ENABLED",
"severity" : "TIPS",
"custom_properties" : {
"references" : "https://localhost/references",
"maintainer" : "isap"
},
"event_grouping" : true,
"schedule" : {
"frequency_interval" : 5,
"frequency_unit" : "MINUTE",
"period_interval" : 5,
"period_unit" : "MINUTE",
"delay_interval" : 2,
"overtime_interval" : 10
},
"triggers" : [ {
"mode" : "COUNT",
"operator" : "GT",
"expression" : 10,
"severity" : "TIPS"
} ]
}
Example Responses
Status code: 200
Success
{
"rule_id" : "443a0117-1aa4-4595-ad4a-796fad4d4950",
"pipe_id" : "772fb35b-83bc-46c9-a0b1-ebe31070a889",
"create_by" : "582dd19dd99d4505a1d7929dc943b169",
"create_time" : 1665221214,
"update_by" : "582dd19dd99d4505a1d7929dc943b169",
"update_time" : 1665221214,
"delete_time" : 0,
"rule_name" : "Alert rule",
"query" : "* | select status, count(*) as count group by status",
"query_type" : "SQL",
"status" : "ENABLED",
"severity" : "TIPS",
"custom_properties" : {
"references" : "https://localhost/references",
"maintainer" : "isap"
},
"event_grouping" : true,
"schedule" : {
"frequency_interval" : 5,
"frequency_unit" : "MINUTE",
"period_interval" : 5,
"period_unit" : "MINUTE",
"delay_interval" : 2,
"overtime_interval" : 10
},
"triggers" : [ {
"mode" : "COUNT",
"operator" : "GT",
"expression" : 10,
"severity" : "TIPS"
} ]
}
Status Codes
|
Status Code |
Description |
|---|---|
|
200 |
Success |
|
400 |
Bad Request |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
