Updated on 2025-07-04 GMT+08:00

Simulating an Alert Rule

Function

Simulates an alert rule without creating it: the query and trigger conditions are evaluated against a data pipeline over the given time window, and the API returns the number of alerts the rule would have generated and their severity. Use it to check how noisy a rule is before enabling it.

Calling Method

For details, see Calling APIs.

URI

POST /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules/simulation

Table 1 Path Parameters

Parameter      Mandatory   Type     Description
project_id     Yes         String   Project ID.
workspace_id   Yes         String   Workspace ID.

Request Parameters

Table 2 Request header parameters

Parameter      Mandatory   Type     Description
X-Auth-Token   Yes         String   User token, obtained by calling the IAM API for obtaining a user token.

Table 3 Request body parameters

Parameter        Mandatory   Type                          Description
pipe_id          Yes         String                        ID of the data pipeline the simulated rule queries.
query            Yes         String                        Query statement run against the pipeline.
query_type       No          String                        Query syntax. Only SQL is documented.
from             Yes         Long                          Start of the simulated time window, as a Unix timestamp in milliseconds (see the example request).
to               Yes         Long                          End of the simulated time window, in the same format.
event_grouping   No          Boolean                       Whether matching events are grouped into alerts.
triggers         Yes         Array of AlertRuleTrigger     Alert triggering rules. See Table 4.

Table 4 AlertRuleTrigger

Parameter           Mandatory   Type      Description
mode                No          String    Trigger mode. Only COUNT (trigger on the number of matching results) is documented.
operator            No          String    Comparison applied between the counted result and expression. The value can be:
                                          EQ: equal to
                                          NE: not equal to
                                          GT: greater than
                                          LT: less than
expression          Yes         String    Threshold that the counted result is compared with using operator. The table declares it as a String, while the example request below sends it as a bare number (10); check which form the service accepts.
severity            No          String    Severity. The enumerated values TIPS, LOW, MEDIUM, HIGH, and FATAL correspond to Informational, Low, Medium, High, and Critical.
accumulated_times   No          Integer   Number of accumulated times the trigger condition must be met.

Response Parameters

Status code: 200

Table 5 Response header parameters

Parameter      Type     Description
X-request-id   String   Request ID used to trace the request. Format: request_uuid-timestamp-hostname.

Table 6 Response body parameters

Parameter     Type      Description
alert_count   Integer   Number of alerts the rule would have generated in the simulated window.
severity      String    Severity. The enumerated values TIPS, LOW, MEDIUM, HIGH, and FATAL correspond to Informational, Low, Medium, High, and Critical.

Status code: 400

Table 7 Response header parameters

Parameter      Type     Description
X-request-id   String   Request ID used to trace the request. Format: request_uuid-timestamp-hostname. Quote it when reporting a failed call.

Example Requests

Simulate an alert rule. The ID of the pipeline the alert rule belongs to is ead2769b-afb0-45dd-b9fa-a2953e6ac82f, the query type is SQL, event grouping is enabled, the window runs from 1665221214000 to 1665546370000 (millisecond timestamps), and the rule triggers when the count is greater than 10 with severity TIPS (Informational).

{
  "pipe_id" : "ead2769b-afb0-45dd-b9fa-a2953e6ac82f",
  "query" : "* | select status, count(*) as count group by status",
  "query_type" : "SQL",
  "event_grouping" : true,
  "from" : 1665221214000,
  "to" : 1665546370000,
  "triggers" : [ {
    "mode" : "COUNT",
    "operator" : "GT",
    "expression" : 10,
    "severity" : "TIPS"
  } ]
}

Example Responses

Status code: 200

Request succeeded.

{
  "alert_count" : 100,
  "severity" : "TIPS"
}

Status Codes

Status Code   Description
200           Request succeeded.
400           Request failed.

Error Codes

See Error Codes.