更新时间:2024-07-22 GMT+08:00

更新告警规则

功能介绍

Update alert rule

调用方法

请参见如何调用API

URI

PUT /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules/{rule_id}

表1 路径参数

参数

是否必选

参数类型

描述

project_id

String

项目 ID。Project ID.

最小长度:32

最大长度:36

workspace_id

String

工作空间 ID。Workspace ID.

最小长度:32

最大长度:36

rule_id

String

告警规则 ID。Alert rule ID.

最小长度:36

最大长度:36

请求参数

表2 请求Header参数

参数

是否必选

参数类型

描述

X-Auth-Token

String

用户Token,通过调用IAM服务获取用户Token接口获取。 IAM user token, fetch from IAM api.

最小长度:1

最大长度:2097152

表3 请求Body参数

参数

是否必选

参数类型

描述

rule_name

String

告警规则名称。Alert rule name.

最小长度:1

最大长度:255

description

String

描述。Description.

最小长度:0

最大长度:1024

query

String

查询语句。Query.

最小长度:1

最大长度:1024

query_type

String

查询语法,SQL。Query type. SQL.

缺省值:SQL

最小长度:1

最大长度:255

枚举值:

  • SQL

status

String

启用状态,启用、停用。Status, enabled, disabled.

缺省值:ENABLED

最小长度:1

最大长度:255

枚举值:

  • ENABLED

  • DISABLED

severity

String

严重程度,提示、低危、中危、高危、致命。Severity. TIPS, LOW, MEDIUM, HIGH, FATAL

缺省值:TIPS

最小长度:1

最大长度:255

枚举值:

  • TIPS

  • LOW

  • MEDIUM

  • HIGH

  • FATAL

custom_properties

Map<String,String>

自定义扩展信息。Custom properties.

alert_type

Map<String,String>

告警类型。Alert type.

event_grouping

Boolean

告警分组。Event grouping.

缺省值:true

suppression

Boolean

告警抑制。Suppression

缺省值:true

simulation

Boolean

模拟告警。Simulation.

缺省值:true

schedule

Schedule object

triggers

Array of AlertRuleTrigger objects

告警触发规则。Alert triggers.

数组长度:1 - 5

表4 Schedule

参数

是否必选

参数类型

描述

frequency_interval

Integer

调度间隔。Frequency interval.

最小值:1

最大值:60

frequency_unit

String

调度间隔单位,分钟、小时、天。Frequency unit. MINUTE, HOUR, DAY.

最小长度:1

最大长度:255

枚举值:

  • MINUTE

  • HOUR

  • DAY

period_interval

Integer

时间窗口间隔。Period interval.

最小值:1

最大值:60

period_unit

String

时间窗口单位,分钟、小时、天。Period unit. MINUTE, HOUR, DAY.

最小长度:1

最大长度:255

枚举值:

  • MINUTE

  • HOUR

  • DAY

delay_interval

Integer

延迟间隔。Delay interval

最小值:0

最大值:10

缺省值:0

overtime_interval

Integer

超时间隔。Overtime interval

最小值:0

最大值:10

缺省值:10

表5 AlertRuleTrigger

参数

是否必选

参数类型

描述

mode

String

模式,数量。Mode. COUNT.

缺省值:COUNT

最小长度:1

最大长度:255

枚举值:

  • COUNT

operator

String

操作符,等于、不等于、大于、小于。 operator. EQ equal, NE not equal, GT greater than, LT less than.

缺省值:GT

最小长度:1

最大长度:255

枚举值:

  • EQ

  • NE

  • GT

  • LT

expression

String

expression

最小长度:1

最大长度:255

severity

String

严重程度,提示、低危、中危、高危、致命。Severity. TIPS, LOW, MEDIUM, HIGH, FATAL

最小长度:1

最大长度:255

枚举值:

  • TIPS

  • LOW

  • MEDIUM

  • HIGH

  • FATAL

accumulated_times

Integer

accumulated_times

最小值:1

最大值:1000

缺省值:1

响应参数

状态码: 200

表6 响应Header参数

参数

参数类型

描述

X-request-id

String

This field is the request ID number for task tracking. Format is request_uuid-timestamp-hostname.

表7 响应Body参数

参数

参数类型

描述

rule_id

String

告警规则 ID。Alert rule ID.

最小长度:36

最大长度:36

pipe_id

String

数据管道 ID。Pipe ID.

最小长度:36

最大长度:36

pipe_name

String

数据管道名称。Pipe name.

最小长度:5

最大长度:63

create_by

String

创建人。Create by.

最小长度:1

最大长度:255

create_time

Long

创建时间。Create time.

最小值:0

最大值:9223372036854775807

update_by

String

更新人。Update by.

最小长度:1

最大长度:255

update_time

Long

更新时间。Update time.

最小值:0

最大值:9223372036854775807

delete_time

Long

删除时间。Delete time.

最小值:0

最大值:9223372036854775807

rule_name

String

告警规则名称。Alert rule name.

最小长度:1

最大长度:255

query

String

查询语句。Query.

最小长度:1

最大长度:1024

query_type

String

查询语法,SQL。Query type. SQL.

缺省值:SQL

最小长度:1

最大长度:255

枚举值:

  • SQL

status

String

启用状态,启用、停用。Status, enabled, disabled.

缺省值:ENABLED

最小长度:1

最大长度:255

枚举值:

  • ENABLED

  • DISABLED

severity

String

严重程度,提示、低危、中危、高危、致命。Severity. TIPS, LOW, MEDIUM, HIGH, FATAL

缺省值:TIPS

最小长度:1

最大长度:255

枚举值:

  • TIPS

  • LOW

  • MEDIUM

  • HIGH

  • FATAL

custom_properties

Map<String,String>

自定义扩展信息。Custom properties.

event_grouping

Boolean

告警分组。Event grouping.

缺省值:true

schedule

Schedule object

triggers

Array of AlertRuleTrigger objects

告警触发规则。Alert triggers.

数组长度:1 - 5

表8 Schedule

参数

参数类型

描述

frequency_interval

Integer

调度间隔。Frequency interval.

最小值:1

最大值:60

frequency_unit

String

调度间隔单位,分钟、小时、天。Frequency unit. MINUTE, HOUR, DAY.

最小长度:1

最大长度:255

枚举值:

  • MINUTE

  • HOUR

  • DAY

period_interval

Integer

时间窗口间隔。Period interval.

最小值:1

最大值:60

period_unit

String

时间窗口单位,分钟、小时、天。Period unit. MINUTE, HOUR, DAY.

最小长度:1

最大长度:255

枚举值:

  • MINUTE

  • HOUR

  • DAY

delay_interval

Integer

延迟间隔。Delay interval

最小值:0

最大值:10

缺省值:0

overtime_interval

Integer

超时间隔。Overtime interval

最小值:0

最大值:10

缺省值:10

表9 AlertRuleTrigger

参数

参数类型

描述

mode

String

模式,数量。Mode. COUNT.

缺省值:COUNT

最小长度:1

最大长度:255

枚举值:

  • COUNT

operator

String

操作符,等于、不等于、大于、小于。 operator. EQ equal, NE not equal, GT greater than, LT less than.

缺省值:GT

最小长度:1

最大长度:255

枚举值:

  • EQ

  • NE

  • GT

  • LT

expression

String

expression

最小长度:1

最大长度:255

severity

String

严重程度,提示、低危、中危、高危、致命。Severity. TIPS, LOW, MEDIUM, HIGH, FATAL

最小长度:1

最大长度:255

枚举值:

  • TIPS

  • LOW

  • MEDIUM

  • HIGH

  • FATAL

accumulated_times

Integer

accumulated_times

最小值:1

最大值:1000

缺省值:1

状态码: 400

表10 响应Header参数

参数

参数类型

描述

X-request-id

String

This field is the request ID number for task tracking. Format is request_uuid-timestamp-hostname.

请求示例

更新一条告警规则,告警规则名称为Alert rule,查询类型为SQL,状态为启用,严重程度为提示。

{
  "rule_name" : "Alert rule",
  "query" : "* | select status, count(*) as count group by status",
  "query_type" : "SQL",
  "status" : "ENABLED",
  "severity" : "TIPS",
  "custom_properties" : {
    "references" : "https://localhost/references",
    "maintainer" : "isap"
  },
  "event_grouping" : true,
  "schedule" : {
    "frequency_interval" : 5,
    "frequency_unit" : "MINUTE",
    "period_interval" : 5,
    "period_unit" : "MINUTE",
    "delay_interval" : 2,
    "overtime_interval" : 10
  },
  "triggers" : [ {
    "mode" : "COUNT",
    "operator" : "GT",
    "expression" : 10,
    "severity" : "TIPS"
  } ]
}

响应示例

状态码: 200

请求成功

{
  "rule_id" : "443a0117-1aa4-4595-ad4a-796fad4d4950",
  "pipe_id" : "772fb35b-83bc-46c9-a0b1-ebe31070a889",
  "create_by" : "582dd19dd99d4505a1d7929dc943b169",
  "create_time" : 1665221214,
  "update_by" : "582dd19dd99d4505a1d7929dc943b169",
  "update_time" : 1665221214,
  "delete_time" : 0,
  "rule_name" : "Alert rule",
  "query" : "* | select status, count(*) as count group by status",
  "query_type" : "SQL",
  "status" : "ENABLED",
  "severity" : "TIPS",
  "custom_properties" : {
    "references" : "https://localhost/references",
    "maintainer" : "isap"
  },
  "event_grouping" : true,
  "schedule" : {
    "frequency_interval" : 5,
    "frequency_unit" : "MINUTE",
    "period_interval" : 5,
    "period_unit" : "MINUTE",
    "delay_interval" : 2,
    "overtime_interval" : 10
  },
  "triggers" : [ {
    "mode" : "COUNT",
    "operator" : "GT",
    "expression" : 10,
    "severity" : "TIPS"
  } ]
}

SDK代码示例

SDK代码示例如下。

更新一条告警规则,告警规则名称为Alert rule,查询类型为SQL,状态为启用,严重程度为提示。

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.secmaster.v2.region.SecMasterRegion;
import com.huaweicloud.sdk.secmaster.v2.*;
import com.huaweicloud.sdk.secmaster.v2.model.*;

import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.util.HashMap;

public class UpdateAlertRuleSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");

        ICredential auth = new BasicCredentials()
                .withAk(ak)
                .withSk(sk);

        SecMasterClient client = SecMasterClient.newBuilder()
                .withCredential(auth)
                .withRegion(SecMasterRegion.valueOf("<YOUR REGION>"))
                .build();
        UpdateAlertRuleRequest request = new UpdateAlertRuleRequest();
        UpdateAlertRuleRequestBody body = new UpdateAlertRuleRequestBody();
        List<AlertRuleTrigger> listbodyTriggers = new ArrayList<>();
        listbodyTriggers.add(
            new AlertRuleTrigger()
                .withMode(AlertRuleTrigger.ModeEnum.fromValue("COUNT"))
                .withOperator(AlertRuleTrigger.OperatorEnum.fromValue("GT"))
                .withExpression("10")
                .withSeverity(AlertRuleTrigger.SeverityEnum.fromValue("TIPS"))
        );
        Schedule schedulebody = new Schedule();
        schedulebody.withFrequencyInterval(5)
            .withFrequencyUnit(Schedule.FrequencyUnitEnum.fromValue("MINUTE"))
            .withPeriodInterval(5)
            .withPeriodUnit(Schedule.PeriodUnitEnum.fromValue("MINUTE"))
            .withDelayInterval(2)
            .withOvertimeInterval(10);
        Map<String, String> listbodyCustomProperties = new HashMap<>();
        listbodyCustomProperties.put("references", "https://localhost/references");
        listbodyCustomProperties.put("maintainer", "isap");
        body.withTriggers(listbodyTriggers);
        body.withSchedule(schedulebody);
        body.withEventGrouping(true);
        body.withCustomProperties(listbodyCustomProperties);
        body.withSeverity(UpdateAlertRuleRequestBody.SeverityEnum.fromValue("TIPS"));
        body.withStatus(UpdateAlertRuleRequestBody.StatusEnum.fromValue("ENABLED"));
        body.withQueryType(UpdateAlertRuleRequestBody.QueryTypeEnum.fromValue("SQL"));
        body.withQuery("* | select status, count(*) as count group by status");
        body.withRuleName("Alert rule");
        request.withBody(body);
        try {
            UpdateAlertRuleResponse response = client.updateAlertRule(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

更新一条告警规则,告警规则名称为Alert rule,查询类型为SQL,状态为启用,严重程度为提示。

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
# coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdksecmaster.v2.region.secmaster_region import SecMasterRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdksecmaster.v2 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]

    credentials = BasicCredentials(ak, sk)

    client = SecMasterClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(SecMasterRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = UpdateAlertRuleRequest()
        listTriggersbody = [
            AlertRuleTrigger(
                mode="COUNT",
                operator="GT",
                expression="10",
                severity="TIPS"
            )
        ]
        schedulebody = Schedule(
            frequency_interval=5,
            frequency_unit="MINUTE",
            period_interval=5,
            period_unit="MINUTE",
            delay_interval=2,
            overtime_interval=10
        )
        listCustomPropertiesbody = {
            "references": "https://localhost/references",
            "maintainer": "isap"
        }
        request.body = UpdateAlertRuleRequestBody(
            triggers=listTriggersbody,
            schedule=schedulebody,
            event_grouping=True,
            custom_properties=listCustomPropertiesbody,
            severity="TIPS",
            status="ENABLED",
            query_type="SQL",
            query="* | select status, count(*) as count group by status",
            rule_name="Alert rule"
        )
        response = client.update_alert_rule(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

更新一条告警规则,告警规则名称为Alert rule,查询类型为SQL,状态为启用,严重程度为提示。

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    secmaster "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/secmaster/v2"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/secmaster/v2/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/secmaster/v2/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        Build()

    client := secmaster.NewSecMasterClient(
        secmaster.SecMasterClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.UpdateAlertRuleRequest{}
	modeTriggers:= model.GetAlertRuleTriggerModeEnum().COUNT
	operatorTriggers:= model.GetAlertRuleTriggerOperatorEnum().GT
	severityTriggers:= model.GetAlertRuleTriggerSeverityEnum().TIPS
	var listTriggersbody = []model.AlertRuleTrigger{
        {
            Mode: &modeTriggers,
            Operator: &operatorTriggers,
            Expression: "10",
            Severity: &severityTriggers,
        },
    }
	delayIntervalSchedule:= int32(2)
	overtimeIntervalSchedule:= int32(10)
	schedulebody := &model.Schedule{
		FrequencyInterval: int32(5),
		FrequencyUnit: model.GetScheduleFrequencyUnitEnum().MINUTE,
		PeriodInterval: int32(5),
		PeriodUnit: model.GetSchedulePeriodUnitEnum().MINUTE,
		DelayInterval: &delayIntervalSchedule,
		OvertimeInterval: &overtimeIntervalSchedule,
	}
	var listCustomPropertiesbody = map[string]string{
        "references": "https://localhost/references",
        "maintainer": "isap",
    }
	eventGroupingUpdateAlertRuleRequestBody:= true
	severityUpdateAlertRuleRequestBody:= model.GetUpdateAlertRuleRequestBodySeverityEnum().TIPS
	statusUpdateAlertRuleRequestBody:= model.GetUpdateAlertRuleRequestBodyStatusEnum().ENABLED
	queryTypeUpdateAlertRuleRequestBody:= model.GetUpdateAlertRuleRequestBodyQueryTypeEnum().SQL
	queryUpdateAlertRuleRequestBody:= "* | select status, count(*) as count group by status"
	ruleNameUpdateAlertRuleRequestBody:= "Alert rule"
	request.Body = &model.UpdateAlertRuleRequestBody{
		Triggers: &listTriggersbody,
		Schedule: schedulebody,
		EventGrouping: &eventGroupingUpdateAlertRuleRequestBody,
		CustomProperties: listCustomPropertiesbody,
		Severity: &severityUpdateAlertRuleRequestBody,
		Status: &statusUpdateAlertRuleRequestBody,
		QueryType: &queryTypeUpdateAlertRuleRequestBody,
		Query: &queryUpdateAlertRuleRequestBody,
		RuleName: &ruleNameUpdateAlertRuleRequestBody,
	}
	response, err := client.UpdateAlertRule(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

更多编程语言的SDK代码示例,请参见API Explorer的代码示例页签,可生成自动对应的SDK代码示例。

状态码

状态码

描述

200

请求成功

400

请求失败

错误码

请参见错误码