Create an Alert Rule with Email Notification from the Director Console API

The AlertRules API allows you to create an alert rule and select the medium to notify you of the generated incidents on behalf a Fabric-enabled LogPoint. You can receive notifications via email, SSH, SNMP, HTTP, or Syslog.

The following diagram displays the APIs used while creating an alert rule with email notification from the Director Console API.

Follow the steps mentioned below to create an alert rule with email notification from the Director Console API.

Create a Repo

Execute the Repos - Create API in the Director Console API.
Note
Skip this step if you have the required log storage repositories.

Create an Incident User Group

Create an Incident User Group from the LogPoint user interface.
Note
Skip this step if you have the required incident user group(s).

Create a User

Create a User from the LogPoint user interface.
Note
Skip this step if you have the required user(s).

Create an Alert Rule

Execute the Repos - FetchRemoteRepo API to obtain the value of the address parameter. Use this value in the repos parameter of the AlertRules - Create API.
Execute the Users - FetchUsers API to obtain the value of the id parameter.
- Use the id of the user owning the alert rule in the owner parameter of the AlertRules - Create API.
- Use the id of the user monitoring the generated incidents in the assigned_to parameter of the AlertRules - Create API. This user has the rights to view, re-assign, comment on, and resolve the incidents.
Execute the IncidentUserGroups - FetchIncidentUsers API to obtain the value of the id parameter. Use the id of the user who monitors the generated incidents in the managed_by parameter of the AlertRules - Create API. This user has the rights to view, re-assign, and comment on the incidents.
Execute the AlertRules - Create API with the remaining parameters.

Configure Email Notification in the Alert Rule

Execute the AlertRules - FetchMyRules API to obtain the value of the id parameter. Use this value in the id parameter of the AlertRules - EmailNotification API.
Execute the AlertRules- EmailNotification API with the remaining parameters.

Sample API Requests and Responses for Creating an Alert Rule with Email Notification

Create a Repo

Execute the Repos - Create API.

Config API:

POST
https://api-server-host-name/configapi/v1/{pool_UUID}/{logpoint_identifier}/Repos
{
    "data":
    {
    "hiddenrepopath":
    [
      {
        "path": "/opt/immune/storage/", 
        "retention": 10
      }                             
    ], 
    "name": "Test_Repo"
    }
}  

Response:

{
    "status": "Success",
    "message": "monitorapi/v1/a88eff627cc14105b28bac889e900882/ea92ab66cae24e4e9fe22189468056f8/orders/9ce29efb-b167-41f6-8681-21610dcdbb32"
}

Monitoring API:

GET
https://api-server-host-name/monitorapi/v1/a88eff627cc14105b28bac889e900882/ea92ab66cae24e4e9fe22189468056f8/orders/9ce29efb-b167-41f6-8681-21610dcdbb32

Response:

{
    "request": {},
    "logpoint_identifier": "ea92ab66cae24e4e9fe22189468056f8",
    "pool_uuid": "a88eff627cc14105b28bac889e900882",
    "response":
    {
        "message": "Repo added",
        "success": true
    }
}

This step successfully creates a repo.

Create an Alert Rule

Execute the Repos - FetchRemoteRepo API to obtain the value of the address parameter.

Config API:

POST
https:://api-server-host-name/configapi/v1/{pool_UUID}/{logpoint_identifier}/Repos/RemoteRepos/fetch

{

"data":
    {


    }
}

Response:

{
    "status": "Success, "message":"monitorapi/v1/208118f9ee8049d3a23c2da7ed7f1a3a/3324b10a5bbb4a51891860b50cf7b6b9/data/c22aa29f-d843-47cf-8333-18d7694add2f/RemoteReposa"
}

Monitoring API:

GET
https:://api-server-host-name/monitorapi/v1/208118f9ee8049d3a23c2da7ed7f1a3a/3324b10a5bbb4a51891860b50cf7b6b9/data/c22aa29f-d843-47cf-8333-18d7694add2f/RemoteReposa

Response:

{
    "request": {},
    "logpoint_identifier": "3324b10a5bbb4a51891860b50cf7b6b9",
    "pool_uuid": "208118f9ee8049d3a23c2da7ed7f1a3a",
    "response": {
    "success": true,
    "rows": [
    {
        "repos": [
            {
                "repo": "default",
                "address": "127.0.0.1:5504/default"
            },
            {
                "repo": "_logpoint",
                "address": "127.0.0.1:5504/_logpoint"
            },
            {
                "repo": "_LogPointAlerts",
                "address": "127.0.0.1:5504/_LogPointAlerts"
            },
            {
                "repo": "Test_Repo",
                "address": "127.0.0.1:5504/Test_Repo"
            }
        ],
        "li": "LogPoint1"
    }
            ]
                }
}

Execute the IncidentUserGroups - FetchIncidentUserGroup API to obtain the value of the id parameter.

Note

Configure the required incident user group from the user interface of the Fabric-enabled LogPoint.

Config API:

POST
https:://api-server-host-name/configapi/v1/{pool_UUID}/{logpoint_identifier}/IncidentUserGroups/fetch

{

"data":
    {


    }
}

Response:

{
    "status": "Success, "message":"monitorapi/v1/208118f9ee8049d3a23c2da7ed7f1a3a/3324b10a5bbb4a51891860b50cf7b6b9/data/ab56a71a-5404-4c3c-af50-1905af9be649/IncidentUserGroups"
}

Monitoring API:

GET
https:://api-server-host-name/monitorapi/v1/208118f9ee8049d3a23c2da7ed7f1a3a/3324b10a5bbb4a51891860b50cf7b6b9/data/ab56a71a-5404-4c3c-af50-1905af9be649/IncidentUserGroups/RemoteReposa

Response:

{
    "request": {},
    "logpoint_identifier": "3324b10a5bbb4a51891860b50cf7b6b9",
    "pool_uuid": "208118f9ee8049d3a23c2da7ed7f1a3a",
    "response": {
        "success": true,
        "rows": [
            {
                "id": "5c08a02a45036435e319098b",
                "name": "User Account Administrator"
            },
            {
                "id": "5c08a02a45036435e319098a",
                "name": "LogPoint Administrator"
            }
                ]
                }
}

Execute the Users - FetchUsers API to obtain the value of the id parameter.

Config API:

POST
https:://api-server-host-name/configapi/v1/{pool_UUID}/{logpoint_identifier}/Users/fetch

{

"data":
    {


    }
}

Response:

{
    "status": "Success, "message":"monitorapi/v1/208118f9ee8049d3a23c2da7ed7f1a3a/3324b10a5bbb4a51891860b50cf7b6b9/data/efa6d78d-34e7-4d3a-9811-a756a6bca514/Users"
}

Monitoring API:

GET
https:://api-server-host-name/monitorapi/v1/208118f9ee8049d3a23c2da7ed7f1a3a/3324b10a5bbb4a51891860b50cf7b6b9/data/efa6d78d-34e7-4d3a-9811-a756a6bca514/Users

Response:

{
    "request": {},
    "logpoint_identifier": "3324b10a5bbb4a51891860b50cf7b6b9",
    "pool_uuid": "208118f9ee8049d3a23c2da7ed7f1a3a",
    "response": {
        "success": true,
        "rows": [
            {
                "previous_passwords": [],
                "password_change_date": "2017-12-29 16:34:37.666000",
                "usergroup": [
                    "5a466e9dd8aaa4748d3977c3"
                ],
                "timezone": "5a466e9dd8aaa4748d39776b",
                "id": "5a466e9dd8aaa4748d3977c7",
                "preferences": "5a466e9dd8aaa4748d3977a1",
                "failed_login_count": 0,
                "last_login": {
                    "login_date": "2018-12-06 04:25:15.739000"
                },
                "tid": "",
                "ldap_strategy": "",
                "query": "",
                "email": "[email protected]",
                "username": "admin",
                "firstname": "Admin",
                "lastname": "Admin",
                "active": true,
                "password": "pbkdf2:sha1:1000$T9AiW2h0$e57c2bbf4a1ad96df624c4bfe6f4d69183cd7485",
                "fullname": "Admin Admin",
                "locked": false,
                "fields": {
                    "show_all": true,
                    "hidden_fields": []
                },
                "dashboard": "5a466e9dd8aaa4748d3977c6",
                "secret_key": "5b7247cc52dc9289a88fe6436132707d",
                "locked_time": "2017-12-29 16:34:37.666000"
            },
            {
                "previous_passwords": [],
                "password_change_date": "2018-08-24 04:19:02.212000",
                "usergroup": [
                    "5a466e9dd8aaa4748d3977c3"
                ],
                "query": null,
                "id": "5b7f87364503642c7292db3b",
                "preferences": "5b7f87364503642c7292db37",
                "timezone": "5a466e9dd8aaa4748d397773",
                "failed_login_count": 0,
                "ldap_strategy": "",
                "tid": "",
                "last_login": {
                    "login_date": "2018-08-24 05:28:18.599000"
                },
                "plugin_settings": {},
                "email": "[email protected]",
                "username": "John",
                "firstname": "John",
                "lastname": "Schmit",
                "active": true,
                "password": "pbkdf2:sha1:1000$CssmPEMZ$22a015d6899ef66b8cf6af97070c60658e088d8d",
                "secret_key": "d3b407017e1c8d096cfe8027d5c85301",
                "locked": false,
                "fields": {
                    "show_all": true,
                    "hidden_fields": []
                },
                "dashboard": "5b7f87364503642c7292db39",
                "fullname": "John Schmit",
                "locked_time": "2018-08-24 04:19:02.212000"
            },
            {
                "previous_passwords": [],
                "password_change_date": "2018-10-09 05:26:49.285000",
                "usergroup": [
                    "5a466e9dd8aaa4748d3977c3"
                ],
                "query": null,
                "id": "5bbc3c194503642c3774f592",
                "preferences": "5bbc3c194503642c3774f58e",
                "timezone": "5a466e9dd8aaa4748d39776b",
                "failed_login_count": 0,
                "ldap_strategy": "",
                "tid": "",
                "last_login": {
                    "login_date": "2018-10-09 06:19:30.232000"
                },
                "plugin_settings": {},
                "email": "[email protected]",
                "username": "mark",
                "firstname": "mark",
                "lastname": "corrian",
                "active": true,
                "password": "pbkdf2:sha1:1000$KOQ2KuMw$3c688c78585fc3e3901a12682e09f1d0c68ff142",
                "secret_key": "3900251a8ee15b21b8de7c4e6714ea55",
                "locked": false,
                "fields": {
                    "show_all": true,
                    "hidden_fields": []
                },
                "dashboard": "5bbc3c194503642c3774f590",
                "fullname": "mark corrian",
                "locked_time": "2018-10-09 05:26:49.285000"
            }
        ]
    }
}

Execute the AlertRules - Create API. Use the values of the address parameter obtained from step 1 in the repos parameter, the id parameter obtained from step 2 in the managed_by parameter and the values of id parameter obtained from step 3 in the owner (owns the alert rule) and assigned_to (manages the generated incidents) parameter of the API.

Config API:

POST
https:://api-server-host-name/configapi/v1/{pool_UUID}/{logpoint_identifier}/AlertRules

{
"data": {
    "throttling_enabled": "on",
    "repos": [
        "127.0.0.1:5504/default"
        ],
    "managed_by": "5c08a02a45036435e319098b",
    "owner": "5a466e9dd8aaa4748d3977c7",
    "query": "col_type=filesystem",
    "condition_value": 5,
    "description": "Notification of \"coltype filesystem\"",
    "condition_option": "greaterthan",
    "throttling_time_range": 5,
    "risk": "medium",
    "timerange_hour": 2,
    "throttling_field": "device_name",
    "aggregate": "min",
    "searchname": "alertRules1",
    "timerange_day": 1,
    "timerange_minute": 3,
    "limit": 25,
    "assigned_to": "5a466e9dd8aaa4748d3977c7"
        }
}

Response:

{
    "status": "Success, "message":"monitorapi/v1/208118f9ee8049d3a23c2da7ed7f1a3a/3324b10a5bbb4a51891860b50cf7b6b9/orders/8d99bc6e-f7fc-42fd-b104-5bf5dc21ab4a"
}

Monitoring API:

GET
https:://api-server-host-name/monitorapi/v1/208118f9ee8049d3a23c2da7ed7f1a3a/3324b10a5bbb4a51891860b50cf7b6b9/orders/8d99bc6e-f7fc-42fd-b104-5bf5dc21ab4a"

Response:

{
"request": {},
"logpoint_identifier": "3324b10a5bbb4a51891860b50cf7b6b9",
"pool_uuid": "208118f9ee8049d3a23c2da7ed7f1a3a",
"response": {
    "audit_data": [],
    "message": "Alert rule added",
    "success": true,
    "id": "5c08b9a345036435e9753260"
            }
}

This step successfully creates an alert rule for a Fabric-enabled LogPoint.

Configure Email Notification in the Alert Rule

You must enable the SMTP settings in the Fabric-enabled LogPoint for the required email address to receive the email notification.

Execute the SystemSettingsSMTP - Save API with the required parameters to enable SMTP settings.

Config API:

POST
https:://api-server-host-name/configapi/v1/{pool_UUID}/{logpoint_identifier}/SystemSettingsSMTP

{
  "data": {
    "smtp_sender_email": "[email protected]", 
    "smtp_port": 25, 
    "smtp_password": "John", 
    "login_required": "on", 
    "smtp_server": "192.168.1.34", 
    "smtp_username": "John", 
    "smtp_sender_name": "John"
  }
}

Response:

{
    "status": "Success, "message":"monitorapi/v1/208118f9ee8049d3a23c2da7ed7f1a3a/3324b10a5bbb4a51891860b50cf7b6b9/orders/b82c0eba-6444-4b71-bdd2-a990f59e25d7"
}

Monitoring API:

GET
https:://api-server-host-name/monitorapi/v1/208118f9ee8049d3a23c2da7ed7f1a3a/3324b10a5bbb4a51891860b50cf7b6b9/orders/b82c0eba-6444-4b71-bdd2-a990f59e25d7"

Response:

{
    "request": {},
    "logpoint_identifier": "3324b10a5bbb4a51891860b50cf7b6b9",
    "pool_uuid": "208118f9ee8049d3a23c2da7ed7f1a3a",
    "response": {
        "message": "SMTP settings updated",
        "errors": [],
        "success": true
    }
}

Execute the AlertRules - FetchMyRules API to obtain the value of the id parameter.

Config API:

POST
https:://api-server-host-name/configapi/v1/{pool_UUID}/{logpoint_identifier}/AlertRules/MyAlertRules/fetch

{
  "data":
    {

    }
}

Response:

{
    "status": "Success, "message":"monitorapi/v1/208118f9ee8049d3a23c2da7ed7f1a3a/3324b10a5bbb4a51891860b50cf7b6b9/data/9259ba84-ce52-4fa4-a8e4-81a2591e45ca/MyAlertRules"
}

Monitoring API:

GET
https:://api-server-host-name/monitorapi/v1/208118f9ee8049d3a23c2da7ed7f1a3a/3324b10a5bbb4a51891860b50cf7b6b9/data/9259ba84-ce52-4fa4-a8e4-81a2591e45ca/MyAlertRules"

Response:


{
    "request": {},
    "logpoint_identifier": "3324b10a5bbb4a51891860b50cf7b6b9",
    "pool_uuid": "208118f9ee8049d3a23c2da7ed7f1a3a",
    "response": {
        "success": true,
        "rows": [
            {
                "throttling_enabled": true,
                "vid": "",
                "data_privacy_request": [],
                "repos": [
                    "127.0.0.1:5504/default"
                ],
                "visible_to": [],
                "active": true,
                "flush_on_trigger": false,
                "owner": "admin",
                "query": "col_type=filesystem",
                "context_template": "",
                "id": "5c08b9a345036435e9753260",
                "risk": "medium",
                "throttling_time_range": "5",
                "description": "Notification of \"coltype filesystem\"",
                "timerange_hour": 2,
                "used_by": [],
                "throttling_field": "device_name",
                "notifications": [],
                "user": "admin",
                "aggregate": "min",
                "condition": {
                    "condition_option": "greaterthan",
                    "condition_value": "5"
                },
                "name": "alertRules1",
                "sharing_policy": "private",
                "timerange_day": 1,
                "timerange_minute": 3,
                "assigned_to": "5a466e9dd8aaa4748d3977c7"
            }
        ]
    }
}

Execute the AlertRules - EmailNotification API with the required parameters in the request body of the API. Use the value of the id parameter obtained from step 2 in the id parameter of the AlertRules - EmailNotification API URL.

Config API:

POST
https:://api-server-host-name/configapi/v1/{pool_UUID}/{logpoint_identifier}/AlertRules/5c08b9a345036435e9753260/EmailNotification

{
  "data": {
    "notify_email": "on", 
    "email_template": "This is to notify about the occurance of the incident.", 
    "email_emails": [
      "[email protected]"
    ], 
    "email_threshold_enabled": "on", 
    "email_threshold_option": "minute", 
    "email_threshold_value": 5, 
    "subject": "An Incident has been fired."
  }
}

Response:

{
    "status": "Success, "message":"monitorapi/v1/208118f9ee8049d3a23c2da7ed7f1a3a/3324b10a5bbb4a51891860b50cf7b6b9/orders/92310a3f-65e0-4196-8935-a69885b2a500"
}

Monitoring API:

GET
https:://api-server-host-name/monitorapi/v1/208118f9ee8049d3a23c2da7ed7f1a3a/3324b10a5bbb4a51891860b50cf7b6b9/orders/92310a3f-65e0-4196-8935-a69885b2a500"

Response:

{
    "request": {},
    "logpoint_identifier": "3324b10a5bbb4a51891860b50cf7b6b9",
    "pool_uuid": "208118f9ee8049d3a23c2da7ed7f1a3a",
    "response": {
        "audit_data": [],
        "errors": [],
        "message": "Notification updated with EMAIL settings",
        "success": true
    }
}

This step successfully configures an email notification in the alert rule.

Last updated 16 days ago

Was this helpful?

Good morning

hashtagCreate a Repo

hashtagCreate an Incident User Group

hashtagCreate a User

hashtagCreate an Alert Rule

hashtagConfigure Email Notification in the Alert Rule

hashtagSample API Requests and Responses for Creating an Alert Rule with Email Notification

hashtagCreate a Repo

hashtagCreate an Alert Rule

hashtagConfigure Email Notification in the Alert Rule

Create a Repo

Create an Incident User Group

Create a User

Create an Alert Rule

Configure Email Notification in the Alert Rule

Sample API Requests and Responses for Creating an Alert Rule with Email Notification

Create a Repo

Create an Alert Rule

Configure Email Notification in the Alert Rule