Updating an Alert Rule

Function

This API is used to update an alert rule.

Calling Method

For details, see Calling APIs.

URI

PUT /v2/{project_id}/workspaces/{workspace_id}/siem/alert-rules/{alert_rule_id}

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Definition Project ID, which is used to specify the project that a resource belongs to. You can query the resources of a project by project ID. You can obtain the project ID from the API or console. Obtaining the Project ID Constraints N/A Range N/A Default Value N/A
workspace_id	Yes	String	Workspace ID.
alert_rule_id	Yes	String	Alert rule ID.

Request Parameters

**Table 2** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	Definition User token. You can obtain it by calling the IAM API for obtaining a user token. The user token is the value of X-Subject-Token in the response header. Obtaining a User Token Constraints N/A Range N/A Default Value N/A

**Table 3** Request body parameters
Parameter	Mandatory	Type	Description
alert_rule_name	No	String	Alert rule name.
description	No	String	Alert rule description.
directory	No	String	Directory group.
script	No	String	Job script.
status	No	String	Definition Job status. ENABLED DISABLED Constraints N/A Range ENABLED DISABLED Default Value N/A
job_mode_setting	No	IsapJobModeSettingDto object	Data transmission object for job mode settings.
job_output_setting	No	IsapJobOutputSetting object	Job output settings.
environment	No	String	Definition Environment type. PROD: production environment TEST: test environment Constraints N/A Range PROD TEST Default Value N/A
output_table_id	No	String	UUID
output_table_ids	No	Array of strings	Output table ID list.
output_table_names	No	Array of strings	Output table name list.
publish_status	No	String	Release status: This parameter applies only to industry monitoring accounts and is unavailable to others.

**Table 4** IsapJobModeSettingDto
Parameter	Mandatory	Type	Description
batch_overtime_interval	No	Integer	Integer interval.
batch_overtime_unit	No	String	Definition Time unit. MINUTE HOUR DAY MONTH: month Constraints N/A Range MINUTE HOUR DAY MONTH Default Value N/A
batch_frequency_interval	No	Integer	Integer interval.
batch_frequency_unit	No	String	Definition Time unit. MINUTE HOUR DAY MONTH: month Constraints N/A Range MINUTE HOUR DAY MONTH Default Value N/A
streaming_state_ttl_interval	No	Integer	Integer interval.
streaming_state_ttl_unit	No	String	Definition Time unit. MINUTE HOUR DAY MONTH: month Constraints N/A Range MINUTE HOUR DAY MONTH Default Value N/A
streaming_checkpoint_ttl_interval	No	Integer	Integer interval.
streaming_checkpoint_ttl_unit	No	String	Definition Time unit. MINUTE HOUR DAY MONTH: month Constraints N/A Range MINUTE HOUR DAY MONTH Default Value N/A
streaming_startup_mode	No	String	Definition Job startup mode. UPGRADE: startup in upgrade mode REFRESH_NEW: startup in refresh mode Constraints N/A Range UPGRADE REFRESH_NEW Default Value N/A
batch_overtime_strategy_interval	No	Integer	Integer interval.
batch_overtime_strategy_unit	No	String	Definition Time unit. MINUTE HOUR DAY MONTH: month Constraints N/A Range MINUTE HOUR DAY MONTH Default Value N/A
search_delay_interval	No	Integer	Integer interval.
search_delay_unit	No	String	Definition Time unit. MINUTE HOUR DAY MONTH: month Constraints N/A Range MINUTE HOUR DAY MONTH Default Value N/A
search_frequency_interval	No	Integer	Integer interval.
search_frequency_unit	No	String	Definition Time unit. MINUTE HOUR DAY MONTH: month Constraints N/A Range MINUTE HOUR DAY MONTH Default Value N/A
search_overtime_interval	No	Integer	Integer interval.
search_overtime_unit	No	String	Definition Time unit. MINUTE HOUR DAY MONTH: month Constraints N/A Range MINUTE HOUR DAY MONTH Default Value N/A
search_period_interval	No	Integer	Integer interval.
search_period_unit	No	String	Definition Time unit. MINUTE HOUR DAY MONTH: month Constraints N/A Range MINUTE HOUR DAY MONTH Default Value N/A
search_table_id	No	String	UUID
search_table_name	No	String	Table name.
field_not_null_policy	No	String	Definition Policy for processing non-empty fields in job tables. LOOSE STRICT Constraints N/A Value Range LOOSE STRICT Default Value LOOSE
dss_id	No	Integer	Long integer interval.

**Table 5** IsapJobOutputSetting
Parameter	Mandatory	Type	Description
alert_custom_properties	No	Map<String,String>	Mapping table.
alert_description	No	String	Alert description.
alert_grouping	No	Boolean	Group flag.
alert_mapping	No	Map<String,String>	Mapping table.
alert_name	No	String	Alert name.
alert_remediation	No	String	Alert handling suggestion.
alert_severity	No	String	Definition Alert severity. TIPS: informational LOW: low risk MEDIUM: medium risk HIGH: high risk FATAL: critical Constraints N/A Range TIPS LOW MEDIUM HIGH FATAL Default Value N/A
alert_suppression	No	Boolean	Suppression flag.
alert_type	No	Map<String,String>	Alert type mapping table.
entity_extraction	No	Map<String,String>	Extracted entity.
field_mapping	No	Map<String,String>	Field mapping.

Response Parameters

Status code: 200

**Table 6** Response body parameters
Parameter	Type	Description
alert_rule_id	String	UUID
alert_rule_name	String	Alert rule name.
script	String	Job script.
status	String	Definition Job status. ENABLED DISABLED Constraints N/A Range ENABLED DISABLED Default Value N/A
directory	String	Directory group.
description	String	Alert rule description.
job_mode	String	Definition Job mode. STREAMING: streaming processing BATCH: batch processing SEARCH: retrieval Constraints N/A Range STREAMING BATCH SEARCH Default Value N/A
job_mode_setting	IsapJobModeSettingVo object	Job mode settings.
job_output_setting	AlertRuleJobSetting object	Alert rule job settings
process_status	String	Definition Job processing status. COMPLETED: completed. CREATING: being created UPDATING: being updated ENABLING: being enabled DISABLING: being disabled DELETING: being deleted CREATE_FAILED: creation failed UPDATE_FAILED: update failed ENABLE_FAILED: enabling failed DISABLE_FAILED: disabling failed DELETE_FAILED: deletion failed RECOVERING: being recovered Constraints N/A Range COMPLETED CREATING UPDATING ENABLING DISABLING DELETING CREATE_FAILED UPDATE_FAILED ENABLE_FAILED DISABLE_FAILED DELETE_FAILED RECOVERING Default Value N/A
process_error	String	Definition Alert rule processing error. NONE Constraints N/A Range NONE Default Value N/A
environment	String	Definition Environment type. PROD: production environment TEST: test environment Constraints N/A Range PROD TEST Default Value N/A
output_table_id	String	UUID
output_table_name	String	Table name.
output_table_ids	Array of strings	Output table ID list.
output_table_names	Array of strings	Output table name list.
create_by	String	Creator.
create_time	Integer	Timestamp, in ms.
update_by	String	Updater.
update_time	Integer	Timestamp, in ms.
delete_time	Integer	Timestamp, in ms.

**Table 7** IsapJobModeSettingVo
Parameter	Type	Description
batch_overtime_interval	Integer	Integer interval.
batch_overtime_unit	String	Definition Time unit. MINUTE HOUR DAY MONTH: month Constraints N/A Range MINUTE HOUR DAY MONTH Default Value N/A
batch_frequency_interval	Integer	Integer interval.
batch_frequency_unit	String	Definition Time unit. MINUTE HOUR DAY MONTH: month Constraints N/A Range MINUTE HOUR DAY MONTH Default Value N/A
streaming_state_ttl_interval	Integer	Integer interval.
streaming_state_ttl_unit	String	Definition Time unit. MINUTE HOUR DAY MONTH: month Constraints N/A Range MINUTE HOUR DAY MONTH Default Value N/A
streaming_checkpoint_ttl_interval	Integer	Integer interval.
streaming_checkpoint_ttl_unit	String	Definition Time unit. MINUTE HOUR DAY MONTH: month Constraints N/A Range MINUTE HOUR DAY MONTH Default Value N/A
streaming_startup_mode	String	Definition Job startup mode. UPGRADE: startup in upgrade mode REFRESH_NEW: startup in refresh mode Constraints N/A Range UPGRADE REFRESH_NEW Default Value N/A
batch_overtime_strategy_interval	Integer	Integer interval.
batch_overtime_strategy_unit	String	Definition Time unit. MINUTE HOUR DAY MONTH: month Constraints N/A Range MINUTE HOUR DAY MONTH Default Value N/A
search_delay_interval	Integer	Integer interval.
search_delay_unit	String	Definition Time unit. MINUTE HOUR DAY MONTH: month Constraints N/A Range MINUTE HOUR DAY MONTH Default Value N/A
search_frequency_interval	Integer	Integer interval.
search_frequency_unit	String	Definition Time unit. MINUTE HOUR DAY MONTH: month Constraints N/A Range MINUTE HOUR DAY MONTH Default Value N/A
search_overtime_interval	Integer	Integer interval.
search_overtime_unit	String	Definition Time unit. MINUTE HOUR DAY MONTH: month Constraints N/A Range MINUTE HOUR DAY MONTH Default Value N/A
search_period_interval	Integer	Integer interval.
search_period_unit	String	Definition Time unit. MINUTE HOUR DAY MONTH: month Constraints N/A Range MINUTE HOUR DAY MONTH Default Value N/A
search_table_id	String	UUID
search_table_name	String	Table name.
field_not_null_policy	String	Definition Policy for processing non-empty fields in job tables. LOOSE STRICT Constraints N/A Value Range LOOSE STRICT Default Value LOOSE

**Table 8** AlertRuleJobSetting
Parameter	Type	Description
alert_custom_properties	Map<String,String>	Custom alert attributes.
alert_description	String	Alert description.
alert_grouping	Boolean	Whether to group alerts.
alert_mapping	Map<String,String>	Alert mapping.
alert_name	String	Alert name.
alert_remediation	String	Alert clearance.
alert_severity	String	Definition Alert severity. TIPS: informational LOW: low risk MEDIUM: medium risk HIGH: high risk FATAL: critical Constraints N/A Range TIPS LOW MEDIUM HIGH FATAL Default Value N/A
alert_suppression	Boolean	Whether to suppress alerts.
alert_type	Map<String,String>	Alert type.
entity_extraction	Map<String,String>	Extracted entity.
field_mapping	Map<String,String>	Field mapping.
dict_mapping	Array of DictMappingObject objects	Dictionary mapping table.

**Table 9** DictMappingObject
Parameter	Type	Description
dest_field_name	String	Target field of the dictionary mapping.
table_id	String	ID of the dimension table of the dictionary mapping object.
dic_map_name	String	Dictionary mapping name.
src_filed_name	String	Original field of the dictionary mapping.

Example Requests

None

Example Responses

None

SDK Sample Code

The SDK sample code is as follows.

      
       
         
         
           package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.secmaster.v2.region.SecMasterRegion;
import com.huaweicloud.sdk.secmaster.v2.*;
import com.huaweicloud.sdk.secmaster.v2.model.*;


public class UpdateAlertRuleSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        SecMasterClient client = SecMasterClient.newBuilder()
                .withCredential(auth)
                .withRegion(SecMasterRegion.valueOf("<YOUR REGION>"))
                .build();
        UpdateAlertRuleRequest request = new UpdateAlertRuleRequest();
        request.withWorkspaceId("{workspace_id}");
        UpdateAlertRuleRequestBody body = new UpdateAlertRuleRequestBody();
        request.withBody(body);
        try {
            UpdateAlertRuleResponse response = client.updateAlertRule(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

          

        

      
     

      
       
         
         
           # coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdksecmaster.v2.region.secmaster_region import SecMasterRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdksecmaster.v2 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = SecMasterClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(SecMasterRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = UpdateAlertRuleRequest()
        request.workspace_id = "{workspace_id}"
        request.body = UpdateAlertRuleRequestBody(
        )
        response = client.update_alert_rule(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

          

        

      
     

      
       
         
         
           package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    secmaster "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/secmaster/v2"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/secmaster/v2/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/secmaster/v2/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        Build()

    client := secmaster.NewSecMasterClient(
        secmaster.SecMasterClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.UpdateAlertRuleRequest{}
	request.WorkspaceId = "{workspace_id}"
	request.Body = &model.UpdateAlertRuleRequestBody{
	}
	response, err := client.UpdateAlertRule(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

          

        

      
     