AlertRules

AlertRules - Activate

Activates the alert rule with the given id.

POST

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/AlertRules/{id}/activate

Parameter

| Field | Label in UI | Type | Description |
|---|---|---|---|
| id | - | String | Alert rule id. Mandatory Field |

Request Example

{
    "data": {}
}

Success Response

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}

AlertRules - Create

Creates a new alert rule.

POST

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/AlertRules

Parameter

| Field | Label in UI | Type | Description |
|---|---|---|---|
| aggregate | Risk Calculation Function | String | Risk Calculation Function. Accepts values such as “min”, “max” and “avg”. Used for calculating the Risk Value of the alert. Mandatory Field |
| alert_context_template | Template Syntax | String | Jinja template for the rows that will be displayed in the Incident Data View. Optional Field |
| assigned_to | Assigned To | String | ID of the user who can re-assign, comment on and view the data of the generated incident. Optional Field |
| attack_tag | Attack Tag | [String] | List of attack tag IDs used to categorize the alert rule. Use MitreAttacks - FetchMitreAttacks to obtain values for this parameter. Optional Field |
| condition_option | Condition | String | Accepts values such as “greaterthan”, “lessthan”, “equalsto”, “lessequal”, “equals”, “moreequal” and “notequal”. Mandatory Field |
| condition_value | Condition | int | Can be a positive integer or 0. Mandatory Field |
| delay_interval_minute | Delay Threshold (Minutes) | int | Delay interval, in minutes, to wait for the logs before processing. To set this value, the “timestamp_on” parameter must be “log_ts” in the SystemSettingsGeneral API. Accepts values from 1 to 1440 only. Optional Field |
| description | Description | String | Description of the alert rule. Optional Field |
| flush_on_trigger | Flush On Trigger | String | When Flush on Trigger is enabled, the next alert is triggered only by a new set of events. Accepts only “on” as the value that enables it. Optional Field |
| limit | Limit | int | Number of logs. The minimum value is 1. Mandatory Field |
| log_source | Log Sources | [String] | List of log sources from which the logs should be collected. Optional Field |
| manageable_by | Manageable by | [String] | List of incident user group IDs whose users can re-assign, comment on, view the data of and resolve the generated incidents. Optional Field |
| metadata | Metadata | [json] | Array of key-value pair objects that define custom metadata for the alert rule. Each object in the array must include field (the custom metadata field) and value (the value associated with that field). Optional Field |
| original_data | Alert using original data | boolean | Where the Data Privacy Module is enabled, the alert is generated with encrypted data; setting this value to “true” requests that the alert be generated with the original data. Can be true/false. Optional Field |
| owner | - | String | ID of the user who owns the alert rule. Mandatory Field |
| query | Query | String | The query on which the alert rule should fire. Optional Field |
| repos | Repos | [String] | List of the repos to monitor for the matching alert condition. Use Repos - FetchRemoteRepos to obtain values for this parameter. Mandatory Field |
| risk | Risk | String | Risk level of the alert. Accepts values such as “low”, “medium”, “high” and “critical”. Used for calculating the Risk Value of the alert. Mandatory Field |
| search_interval_minute | Search Interval (Minutes) | int | Custom search interval, in minutes, for retrieving the logs via search. Optional Field |
| searchname | Name | String | Name of the alert. Must be a unique valid string. Mandatory Field |
| throttling_enabled | Alert Throttling | String | Accepts “on” as the value that enables Alert Throttling. Can be “on” only. Optional Field |
| throttling_field | Field | String | Field on the basis of which alert throttling is applied. Can be a positive integer or 0. Mandatory only when throttling_enabled is “on”, otherwise Optional Field |
| throttling_time_range | Minutes | int | Time, in minutes, during which the alert will not be dispatched. Mandatory only when throttling_enabled is “on”, otherwise Optional Field |
| timerange_day | Day | int | Time range, in days, over which the alert condition is to be matched. Either timerange_day or timerange_hour must be present when timerange_minute is not present in the request. Optional Field |
| timerange_hour | Hour | int | Time range, in hours, over which the alert condition is to be matched. Either timerange_day or timerange_hour must be present when timerange_minute is not present in the request. Optional Field |
| timerange_minute | Minute | int | Time range, in minutes, over which the alert condition is to be matched. Mandatory only when neither timerange_day nor timerange_hour is present in the request, otherwise Optional Field |

Request Example

{
    "data": {
        "aggregate": "min",
        "alert_context_template": "{% for item in rows %}{{ item.col_ts }}{{item.device_ip}}{{item.source_address}}{%- endfor %}",
        "assigned_to": "5b2a1204d8aaa4136bd32baa",
        "attack_tag": [
            "fa31b91e608e4d840a773d891f3e0a84",
            "bfe6e195e59084a433a6cf3083056b01"
        ],
        "condition_option": "greaterthan",
        "condition_value": 5,
        "delay_interval_minute": 5,
        "description": "Notification of average severity level per device",
        "flush_on_trigger": "on",
        "limit": 25,
        "log_source": [
            "log1",
            "log2"
        ],
        "manageable_by": [
            "5a467b3dd8aaa461c3139038",
            "5a467b3dd8aaa461c3139039"
        ],
        "metadata": [
            {
                "field": "device_ip",
                "value": "127.0.0.1"
            },
            {
                "field": "device_name",
                "value": "localhost"
            }
        ],
        "original_data": "true",
        "owner": "5a466e9dd8aaa4748d3977c7",
        "query": "severity=*|chart avg(severity) by device_ip",
        "repos": [
            "127.0.0.1:5504/_LogPointAlerts",
            "127.0.0.1:5504/_logpoint"
        ],
        "risk": "medium",
        "search_interval_minute": 5,
        "searchname": "Average severity level per device",
        "throttling_enabled": "on",
        "throttling_field": "user",
        "throttling_time_range": 5,
        "timerange_hour": 2
    }
}

Success Response

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}
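As an added example (not part of the Logpoint documentation or product code), the following Python encodes the constraints from the Create parameter table above as a client-side check and builds the `{"data": ...}` request envelope before anything is sent. The API server host, pool UUID, Logpoint identifier and owner ID in the sample are placeholders, and the sample rule is constructed after the page's Request Example.

```python
"""Client-side checks for an AlertRules - Create payload, derived from the
parameter table. Constructed example; not Logpoint's own client."""
import json

# Fields the table marks "Mandatory Field" unconditionally
MANDATORY = ("aggregate", "condition_option", "condition_value", "limit",
             "owner", "repos", "risk", "searchname")
AGGREGATES = {"min", "max", "avg"}
CONDITIONS = {"greaterthan", "lessthan", "equalsto", "lessequal",
              "equals", "moreequal", "notequal"}
RISKS = {"low", "medium", "high", "critical"}


def _is_int(value, minimum):
    """True for a real int (bool excluded) that is >= minimum."""
    return isinstance(value, int) and not isinstance(value, bool) and value >= minimum


def validate_alert_rule(rule):
    """Return a list of problems; an empty list means every documented
    constraint is satisfied."""
    problems = []
    for key in MANDATORY:
        if key not in rule:
            problems.append(f"{key}: mandatory field missing")
    if rule.get("aggregate") not in AGGREGATES:
        problems.append("aggregate: must be one of min/max/avg")
    if rule.get("condition_option") not in CONDITIONS:
        problems.append("condition_option: unsupported comparison")
    if not _is_int(rule.get("condition_value"), 0):
        problems.append("condition_value: must be a positive integer or 0")
    if not _is_int(rule.get("limit"), 1):
        problems.append("limit: minimum value is 1")
    if rule.get("risk") not in RISKS:
        problems.append("risk: must be low/medium/high/critical")
    if not rule.get("repos"):
        problems.append("repos: at least one repo is mandatory")
    # delay_interval_minute accepts 1..1440 only (the timestamp_on=log_ts
    # precondition lives in SystemSettingsGeneral and is checked server-side)
    if "delay_interval_minute" in rule:
        d = rule["delay_interval_minute"]
        if not _is_int(d, 1) or d > 1440:
            problems.append("delay_interval_minute: accepts 1 to 1440 only")
    # throttling_enabled is "on"-only and then makes two more fields mandatory
    if "throttling_enabled" in rule:
        if rule["throttling_enabled"] != "on":
            problems.append('throttling_enabled: can be "on" only')
        for dep in ("throttling_field", "throttling_time_range"):
            if dep not in rule:
                problems.append(f'{dep}: mandatory when throttling_enabled is "on"')
    # a time range must be given as minutes, or as days and/or hours
    if "timerange_minute" not in rule and not (
            "timerange_day" in rule or "timerange_hour" in rule):
        problems.append("timerange: timerange_minute, or timerange_day/timerange_hour, required")
    # every metadata object must carry both field and value
    for i, item in enumerate(rule.get("metadata", [])):
        if not isinstance(item, dict) or {"field", "value"} - set(item):
            problems.append(f"metadata[{i}]: each object needs field and value")
    return problems


def build_create_request(api_server, pool_uuid, logpoint_identifier, rule):
    """Return (url, body_json) for the Create endpoint, refusing to build a
    request that fails validation."""
    problems = validate_alert_rule(rule)
    if problems:
        raise ValueError("; ".join(problems))
    url = f"https://{api_server}/configapi/{pool_uuid}/{logpoint_identifier}/AlertRules"
    return url, json.dumps({"data": rule}, sort_keys=True)


# Constructed sample modelled on the page's Request Example (IDs are placeholders)
SAMPLE_RULE = {
    "aggregate": "min",
    "condition_option": "greaterthan",
    "condition_value": 5,
    "limit": 25,
    "owner": "OWNER_USER_ID",
    "query": "severity=*|chart avg(severity) by device_ip",
    "repos": ["127.0.0.1:5504/_logpoint"],
    "risk": "medium",
    "searchname": "Average severity level per device",
    "throttling_enabled": "on",
    "throttling_field": "user",
    "throttling_time_range": 5,
    "timerange_hour": 2,
    "metadata": [{"field": "device_ip", "value": "127.0.0.1"}],
}

if __name__ == "__main__":
    print(build_create_request("api-server-host-name", "POOL_UUID", "LP_ID", SAMPLE_RULE))
```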

AlertRules - Deactivate

Deactivates the alert rule with the given id.

POST

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/AlertRules/{id}/deactivate

Parameter

| Field | Label in UI | Type | Description |
|---|---|---|---|
| id | - | String | Alert rule id. Mandatory Field |

Request Example

{
    "data": {}
}

Success Response

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}

AlertRules - Edit

Edits the alert rule with the given id.

PUT

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/AlertRules/{id}

Parameter

| Field | Label in UI | Type | Description |
|---|---|---|---|
| aggregate | Risk Calculation Function | String | Risk Calculation Function. Accepts values such as “min”, “max” and “avg”. Used for calculating the Risk Value of the alert. Mandatory Field |
| alert_context_template | Template Syntax | String | Jinja template for the rows that will be displayed in the Incident Data View. Optional Field |
| assigned_to | Assigned To | String | ID of the user who can re-assign, comment on and view the data of the generated incident. Optional Field |
| attack_tag | Attack Tag | [String] | List of attack tag IDs used to categorize the alert rule. Use MitreAttacks - FetchMitreAttacks to obtain values for this parameter. Optional Field |
| condition_option | Condition | String | Accepts values such as “greaterthan”, “lessthan”, “equalsto”, “lessequal”, “equals”, “moreequal” and “notequal”. Mandatory Field |
| condition_value | Condition | int | Can be a positive integer or 0. Mandatory Field |
| delay_interval_minute | Delay Threshold (Minutes) | int | Delay interval, in minutes, to wait for the logs before processing. To set this value, the “timestamp_on” parameter must be “log_ts” in the SystemSettingsGeneral API. Accepts values from 1 to 1440 only. Optional Field |
| description | Description | String | Description of the alert rule. Optional Field |
| flush_on_trigger | Flush On Trigger | String | When Flush on Trigger is enabled, the next alert is triggered only by a new set of events. Accepts only “on” as the value that enables it. Optional Field |
| id | - | String | Alert rule id. Mandatory Field |
| limit | Limit | int | Number of logs. The minimum value is 1. Mandatory Field |
| log_source | Log Sources | [String] | List of log sources from which the logs should be collected. Optional Field |
| manageable_by | Manageable by | [String] | List of incident user group IDs whose users can re-assign, comment on, view the data of and resolve the generated incidents. Optional Field |
| metadata | Metadata | [json] | Array of key-value pair objects that define custom metadata for the alert rule. Each object in the array must include field (the custom metadata field) and value (the value associated with that field). Optional Field |
| original_data | Alert using original data | boolean | Where the Data Privacy Module is enabled, the alert is generated with encrypted data; setting this value to “true” requests that the alert be generated with the original data. Can be true/false. Optional Field |
| query | Query | String | The query on which the alert rule should fire. Optional Field |
| repos | Repos | [String] | List of the repos to monitor for the matching alert condition. Mandatory Field |
| risk | Risk | String | Risk level of the alert. Accepts values such as “low”, “medium”, “high” and “critical”. Used for calculating the Risk Value of the alert. Mandatory Field |
| search_interval_minute | Search Interval (Minutes) | int | Custom search interval, in minutes, for retrieving the logs via search. Optional Field |
| searchname | Name | String | Name of the alert rule. Must be a unique valid string. Mandatory Field |
| throttling_enabled | Alert Throttling | String | Accepts “on” as the value that enables Alert Throttling. Can be “on” only. Optional Field |
| throttling_field | Field | String | Field on the basis of which alert throttling is applied. Can be a positive integer or 0. Mandatory only when throttling_enabled is “on”, otherwise Optional Field |
| throttling_time_range | Minutes | int | Time, in minutes, during which the alert will not be dispatched. Mandatory only when throttling_enabled is “on”, otherwise Optional Field |
| timerange_day | Day | int | Time range, in days, over which the alert condition is to be matched. Either timerange_day or timerange_hour must be present when timerange_minute is not present in the request. Optional Field |
| timerange_hour | Hour | int | Time range, in hours, over which the alert condition is to be matched. Either timerange_day or timerange_hour must be present when timerange_minute is not present in the request. Optional Field |
| timerange_minute | Minute | int | Time range, in minutes, over which the alert condition is to be matched. Mandatory only when neither timerange_day nor timerange_hour is present in the request, otherwise Optional Field |

Request Example

{
    "data": {
        "aggregate": "min",
        "alert_context_template": "{% for item in rows %}{{ item.col_ts }}{{item.device_ip}}{{item.source_address}}{%- endfor %}",
        "assigned_to": "5b2a1204d8aaa4136bd32baa",
        "attack_tag": [
            "fa31b91e608e4d840a773d891f3e0a84",
            "bfe6e195e59084a433a6cf3083056b01"
        ],
        "condition_option": "greaterthan",
        "condition_value": 5,
        "delay_interval_minute": 5,
        "description": "Notification of average severity level per device",
        "flush_on_trigger": "on",
        "limit": 25,
        "log_source": [
            "log1",
            "log2"
        ],
        "manageable_by": [
            "5a467b3dd8aaa461c3139038",
            "5a467b3dd8aaa461c3139039"
        ],
        "metadata": [
            {
                "field": "device_ip",
                "value": "127.0.0.1"
            },
            {
                "field": "device_name",
                "value": "localhost"
            }
        ],
        "original_data": "true",
        "query": "severity=*|chart avg(severity) by device_ip",
        "repos": [
            "127.0.0.1:5504/_LogPointAlerts",
            "127.0.0.1:5504/_logpoint"
        ],
        "risk": "medium",
        "search_interval_minute": 5,
        "searchname": "Average severity level per device",
        "throttling_enabled": "on",
        "throttling_field": "user",
        "throttling_time_range": 5,
        "timerange_minute": 10
    }
}

Success Response

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}

AlertRules - EmailNotification

Sets up email notification for an alert rule.

POST

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/AlertRules/{id}/EmailNotification

Parameter

| Field | Label in UI | Type | Description |
|---|---|---|---|
| b64_logo | - | String | Base64-encoded logo image. Only “jpeg” images up to 160*75 in dimension are allowed. Must be a comma-separated value containing the image type and the base64-encoded data. Mandatory only when logo_enable is “true”, otherwise Optional Field |
| dispatch_option | Notification Trigger | String | Notification trigger mechanism. Value can be either “auto” (the notification is triggered automatically) or “manual” (the notification is triggered manually). Optional Field |
| email_emails | Emails | [String] | List of email addresses to which the notification is sent. Mandatory only when notify_email is “on”, otherwise Optional Field |
| email_template | Message | String | Message body of the email. Optional Field |
| email_threshold_option | Threshold | String | Time unit for the email threshold. Can be minute/hour/day. Mandatory only when email_threshold_value is set, otherwise Optional Field |
| email_threshold_value | Threshold | int | Value for the email threshold. Can be a positive integer. Mandatory only when email_threshold_option is set, otherwise Optional Field |
| id | - | String | Alert rule id. Mandatory Field |
| link_disable | Disable Search Link | boolean | “true” disables the search link in the email, “false” enables it. Optional Field |
| logo_enable | Enable Logo | boolean | “true” adds a logo, “false” removes/disables it. Optional Field |
| notify_email | Notify via email | String | Accepts on/off as values to enable/disable email notification for the alert rule. Mandatory Field |
| subject | Subject | String | Subject of the email. Optional Field |

Request Example

{
    "data": {
        "b64_logo": "",
        "dispatch_option": "auto",
        "email_emails": [
            "[email protected]",
            "[email protected]"
        ],
        "email_template": "This is to notify the user that the user logged more than 5 times.",
        "email_threshold_option": "minute",
        "email_threshold_value": 5,
        "link_disable": "false",
        "logo_enable": "true",
        "notify_email": "on",
        "subject": "The user logged more than 5 times."
    }
}

Success Response

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}

AlertRules - FetchMyRules

Fetches all alert rules defined under MyRules.

POST

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/AlertRules/MyAlertRules/fetch

Parameter

| Field | Label in UI | Type | Description |
|---|---|---|---|
| active | - | boolean | Status (active/deactivated) of the alert rules to fetch. Setting this value to “true” requests all active alert rules defined under the MyRules section. Can be true/false. Optional Field |
| log_source | - | [String] | List of log sources used to filter the alert rules. An alert rule is included in the results if at least one of its log sources matches one in the list. Optional Field |

Request Example

{
    "data": {
        "active": "true",
        "log_source": [
            "log1",
            "log2"
        ]
    }
}

Success Response

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}/{data_node}"
}

AlertRules - FetchSharedRules

Fetches all alert rules that have been shared.

POST

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/AlertRules/SharedAlertRules/fetch

Parameter

| Field | Label in UI | Type | Description |
|---|---|---|---|
| active | - | boolean | Status (active/deactivated) of the alert rules to fetch. Setting this value to “true” requests all active alert rules defined under the SharedRules section. Can be true/false. Optional Field |
| log_source | - | [String] | List of log sources used to filter the alert rules. An alert rule is included in the results if at least one of its log sources matches one in the list. Optional Field |

Request Example

{
    "data": {
        "active": "true",
        "log_source": [
            "log1",
            "log2"
        ]
    }
}

Success Response

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}/{data_node}"
}

AlertRules - FetchUsedRules

Fetches all the vendor alert rules that have been used.

POST

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/AlertRules/UsedAlertRules/fetch

Parameter

| Field | Label in UI | Type | Description |
|---|---|---|---|
| active | - | boolean | Status (active/deactivated) of the alert rules to fetch. Setting this value to “true” requests all active alert rules defined under the UsedRules section. Can be true/false. Optional Field |
| log_source | - | [String] | List of log sources used to filter the alert rules. An alert rule is included in the results if at least one of its log sources matches one in the list. Optional Field |

Request Example

{
    "data": {
        "active": "true",
        "log_source": [
            "log1",
            "log2"
        ]
    }
}

Success Response

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}/{data_node}"
}

AlertRules - FetchUsedSharedRules

Fetches the alert rules that were shared by users and are currently being used in the given Logpoint.

POST

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/AlertRules/UsedSharedAlertRules/fetch

Parameter

| Field | Label in UI | Type | Description |
|---|---|---|---|
| active | - | boolean | Status (active/deactivated) of the alert rules to fetch. Setting this value to “true” requests all active alert rules defined under the UsedSharedRules section. Can be true/false. Optional Field |
| log_source | - | [String] | List of log sources used to filter the alert rules. An alert rule is included in the results if at least one of its log sources matches one in the list. Optional Field |

Request Example

{
    "data": {
        "active": "true",
        "log_source": [
            "log1",
            "log2"
        ]
    }
}

Success Response

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}/{data_node}"
}

AlertRules - FetchVendorRules

Fetches all alert rules provided by the vendor.

POST

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/AlertRules/VendorAlertRules/fetch

Parameter

| Field | Label in UI | Type | Description |
|---|---|---|---|
| log_source | - | [String] | List of log sources used to filter the alert rules. An alert rule is included in the results if at least one of its log sources matches one in the list. Optional Field |

Request Example

{
    "data": {
        "log_source": [
            "log1",
            "log2"
        ]
    }
}

Success Response

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}/{data_node}"
}

AlertRules - HTTPNotification

Sets up HTTP notification for an alert rule.

POST

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/AlertRules/{id}/HTTPNotification

Parameter

| Field | Label in UI | Type | Description |
|---|---|---|---|
| dispatch_option | Notification Trigger | String | Notification trigger mechanism. Value can be either “auto” (the notification is triggered automatically) or “manual” (the notification is triggered manually). Optional Field |
| http_body | - | String | Template for the body of the HTTP notification, as a string. Provide http_body only when http_request_type is POST, PUT or PATCH. Optional Field |
| http_header | Headers | json | Defines the HTTP headers using the following parameters: auth_type (mandatory; “basic_auth”, “api_token” or “bearer_token”), auth_key (authorization key; mandatory for basic_auth, api_token and bearer_token), auth_value (authorization value; mandatory only when auth_type is api_token) and auth_pass (authorization password; mandatory only when auth_type is basic_auth). Optional Field |
| http_querystring | Query String | String | Query string. Mandatory only when notify_http is “on”, otherwise Optional Field |
| http_request_type | Request Type | String | HTTP request type. Can be GET/POST/PUT/DELETE/PATCH/HEAD. Mandatory only when notify_http is “on”, otherwise Optional Field |
| http_threshold_option | Threshold | String | Time unit for the HTTP threshold. Can be minute/hour/day. Mandatory only when http_threshold_value is set, otherwise Optional Field |
| http_threshold_value | Threshold | int | Value for the HTTP threshold. Can be a positive integer. Mandatory only when http_threshold_option is set, otherwise Optional Field |
| http_url | Base URL | String | URL to which the HTTP notification is sent. Mandatory only when notify_http is “on”, otherwise Optional Field |
| id | - | String | Alert rule id. Mandatory Field |
| notify_http | Notify via HTTP | String | Accepts on/off as values to enable/disable HTTP notification for the alert rule. Mandatory Field |
| protocol | Protocol | String | Protocol used to send the HTTP notification. Can be HTTP/HTTPS. If notify_http is “on” and no protocol parameter is present in the request, Logpoint defaults to HTTP. Optional Field |

Request Example

{
    "data": {
        "http_body": "{\"title\": \"{{alert_name}}\", \"description\": \"{{description}}\", \"risk\": \"{{risk}}\", \"dispatch_option\": \"auto\", \"query\": \"{{ extra_info.query }}\"}",
        "http_header": {
            "auth_key": "key1",
            "auth_pass": "pwd1",
            "auth_type": "basic_auth"
        },
        "http_querystring": "user='admin'&count=rows_count",
        "http_request_type": "POST",
        "http_threshold_option": "minute",
        "http_threshold_value": 5,
        "http_url": "http://www.test.com/try",
        "notify_http": "on"
    }
}

Success Response

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}
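As an added example (not Logpoint's own code), the following Python checks an HTTPNotification payload against the conditional rules in the table above, in particular the auth_type dependencies inside http_header, the http_body/request-type restriction and the documented fallback to plain HTTP when protocol is omitted; it also produces a copy with the header secrets masked for logging. The sample payload is constructed, with a placeholder password and a placeholder webhook host.

```python
"""Checks for an AlertRules - HTTPNotification payload, derived from the
parameter table. Constructed example; not Logpoint's own client."""
import copy

AUTH_TYPES = {"basic_auth", "api_token", "bearer_token"}
REQUEST_TYPES = {"GET", "POST", "PUT", "DELETE", "PATCH", "HEAD"}
BODY_METHODS = {"POST", "PUT", "PATCH"}
THRESHOLD_UNITS = {"minute", "hour", "day"}
# header keys that carry secrets per the table; never log them in the clear
SECRET_HEADER_KEYS = ("auth_pass", "auth_value")


def effective_protocol(cfg):
    """Documented behaviour: with notify_http "on" and no protocol parameter,
    Logpoint falls back to HTTP."""
    return cfg.get("protocol", "HTTP").upper()


def validate_http_notification(cfg):
    """Return (errors, warnings). Errors break documented constraints;
    warnings flag settings that would send credentials or alert data in the clear."""
    errors, warnings = [], []
    notify = cfg.get("notify_http")
    if notify not in ("on", "off"):
        errors.append("notify_http: mandatory, must be on/off")
    if notify == "on":
        for key in ("http_url", "http_querystring", "http_request_type"):
            if key not in cfg:
                errors.append(f'{key}: mandatory when notify_http is "on"')
    method = cfg.get("http_request_type")
    if method is not None and method not in REQUEST_TYPES:
        errors.append("http_request_type: must be GET/POST/PUT/DELETE/PATCH/HEAD")
    if "http_body" in cfg and method not in BODY_METHODS:
        errors.append("http_body: provide only with POST, PUT or PATCH")
    # threshold unit and value are only meaningful together
    if ("http_threshold_option" in cfg) != ("http_threshold_value" in cfg):
        errors.append("http_threshold_option and http_threshold_value must be set together")
    if "http_threshold_option" in cfg and cfg["http_threshold_option"] not in THRESHOLD_UNITS:
        errors.append("http_threshold_option: must be minute/hour/day")
    tv = cfg.get("http_threshold_value")
    if tv is not None and (not isinstance(tv, int) or isinstance(tv, bool) or tv < 1):
        errors.append("http_threshold_value: must be a positive integer")
    header = cfg.get("http_header")
    if header is not None:
        auth_type = header.get("auth_type")
        if auth_type not in AUTH_TYPES:
            errors.append("http_header.auth_type: must be basic_auth/api_token/bearer_token")
        if "auth_key" not in header:
            errors.append("http_header.auth_key: mandatory for every auth_type")
        if auth_type == "api_token" and "auth_value" not in header:
            errors.append("http_header.auth_value: mandatory when auth_type is api_token")
        if auth_type == "basic_auth" and "auth_pass" not in header:
            errors.append("http_header.auth_pass: mandatory when auth_type is basic_auth")
    if notify == "on" and effective_protocol(cfg) != "HTTPS":
        what = "credentials in http_header and alert data" if header else "alert data"
        warnings.append(f"protocol resolves to HTTP, so {what} would be sent in the clear; set protocol to HTTPS")
    return errors, warnings


def redacted_copy(cfg):
    """Deep copy of cfg with secret header values masked, safe for logs or tickets."""
    safe = copy.deepcopy(cfg)
    for key in SECRET_HEADER_KEYS:
        if key in safe.get("http_header", {}):
            safe["http_header"][key] = "***"
    return safe


# Constructed sample modelled on the page's Request Example (placeholders only)
SAMPLE_HTTP_NOTIFICATION = {
    "http_body": '{"title": "{{alert_name}}", "risk": "{{risk}}"}',
    "http_header": {"auth_key": "svc-logpoint", "auth_pass": "PLACEHOLDER_PASSWORD",
                    "auth_type": "basic_auth"},
    "http_querystring": "count=rows_count",
    "http_request_type": "POST",
    "http_threshold_option": "minute",
    "http_threshold_value": 5,
    "http_url": "http://webhook.example.invalid/alerts",
    "notify_http": "on",
}

if __name__ == "__main__":
    print(validate_http_notification(SAMPLE_HTTP_NOTIFICATION))
    print(redacted_copy(SAMPLE_HTTP_NOTIFICATION))
```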

AlertRules - Install

Installs the given alert rule pak file.

POST

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/AlertRules/install

Parameter

| Field | Label in UI | Type | Description |
|---|---|---|---|
| file_location | - | String | Location of the file to install. Can be either ‘private’ or ‘public’. Mandatory Field |
| file_name | Alert Rules | String | Name of the pak file for AlertRules. Mandatory Field |
| owner | - | String | ID of the user who owns the alert rule. Mandatory Field |

Request Example

{
    "data": {
        "file_location": "private",
        "file_name": "alert1.pak",
        "owner": "5a466e9dd8aaa4748d3977c7"
    }
}

Success Response

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}

AlertRules - ListPrivateUploads

Lists all the pak files that contain alert rules in private storage.

GET

https://api-server-host-name/configapi/{pool_UUID}/AlertRules/list

Success Response

[
    "test.pak"
]

AlertRules - ListPublicUploads

Lists all the pak files that contain alert rules in public storage.

GET

https://api-server-host-name/configapi/AlertRules/list

Success Response

[
    "test.pak"
]

AlertRules - SMSNotification

Sets up SMS notification for an alert rule.

POST

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/AlertRules/{id}/SMSNotification

Parameter

| Field | Label in UI | Type | Description |
|---|---|---|---|
| dispatch_option | Notification Trigger | String | Describes how a notification is triggered. Value can be the default “auto”, or “manual”. “auto” triggers the notification automatically; “manual” requires a user to do it. Optional Field |
| id | - | String | Alert rule id. Mandatory Field |
| notify_sms | Notify via SMS | String | Accepts on/off as values to enable/disable SMS notification for the alert rule. Mandatory Field |
| sms_body | Body | String | SMS notification message. Optional Field |
| sms_password | Password | String | Password for the sms_server. Mandatory only when notify_sms is “on”, otherwise Optional Field |
| sms_port | Port | int | Port number of the sms_server. Mandatory only when notify_sms is “on”, otherwise Optional Field |
| sms_receivers | Receivers | [String] | List of receiver phone numbers. Each number must be between 3 and 15 numerical digits. Mandatory only when notify_sms is “on”, otherwise Optional Field |
| sms_sender | Sender ID | String | Sender ID for the sms_server. Mandatory only when notify_sms is “on”, otherwise Optional Field |
| sms_server | SMSC Server | String | Destination server address. Mandatory only when notify_sms is “on”, otherwise Optional Field |
| sms_threshold_option | Threshold | String | Time unit for the SMS threshold. Can be minute/hour/day. Mandatory only when sms_threshold_value is set, otherwise Optional Field |
| sms_threshold_value | Threshold | int | Value for the SMS threshold. Can be a positive integer. Mandatory only when sms_threshold_option is present in the request, otherwise Optional Field |
| sms_username | Username | String | Username for the sms_server. Mandatory only when notify_sms is “on”, otherwise Optional Field |

Request Example

{
    "data": {
        "dispatch_option": "auto",
        "notify_sms": "on",
        "sms_body": "New alert dispatched",
        "sms_password": "password1",
        "sms_port": 2775,
        "sms_receivers": [
            "+998939893",
            "5110521"
        ],
        "sms_sender": "SH-LPO",
        "sms_server": "127.0.0.1",
        "sms_threshold_option": "minute",
        "sms_threshold_value": 5,
        "sms_username": "johnwatson"
    }
}

Success Response

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}

AlertRules - SNMPNotification

Sets up SNMP notification for an alert rule.

POST

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/AlertRules/{id}/SNMPNotification

Parameter

| Field | Label in UI | Type | Description |
|---|---|---|---|
| dispatch_option | Notification Trigger | String | Notification trigger mechanism. Value can be either “auto” (the notification is triggered automatically) or “manual” (the notification is triggered manually). Optional Field |
| id | - | String | Alert rule id. Mandatory Field |
| notify_snmp | Notify via SNMP Traps | String | Accepts on/off as values to enable/disable SNMP notification for the alert rule. Mandatory Field |
| snmp_agent | Agent | String | Name of the agent that sends the SNMP trap. Mandatory only when snmp_version is SNMPv2c, otherwise Optional Field |
| snmp_authorization_key | Authorization Key | String | Authorization key for SNMPv3. Mandatory only when snmp_version is SNMPv3, otherwise Optional Field |
| snmp_community_string | Community String | String | Passphrase in the community string. Mandatory only when snmp_version is SNMPv2c, otherwise Optional Field |
| snmp_ip | IP | String | IP address of the trap receiver. Mandatory only when notify_snmp is “on”, otherwise Optional Field |
| snmp_message | Message | String | Value corresponding to the OID in the message. Optional Field |
| snmp_oid | OID | String | Valid SNMP trap or enterprise-specific OID (Object Identifier) for the corresponding alert, in dotted decimal format. Do not use an OID with a leading dot when sending SNMP trap notifications for alerts. Mandatory only when notify_snmp is “on”, otherwise Optional Field |
| snmp_port | Port | int | Port number of the trap receiver. Mandatory only when notify_snmp is “on”, otherwise Optional Field |
| snmp_private_key | Private Key | String | Private key for SNMPv3. Mandatory only when snmp_version is SNMPv3, otherwise Optional Field |
| snmp_threshold_option | Threshold | String | Time unit for the SNMP threshold. Can be minute/hour/day. Mandatory only when snmp_threshold_value is set, otherwise Optional Field |
| snmp_threshold_value | Threshold | int | Value for the SNMP threshold. Can be a positive integer. Mandatory only when snmp_threshold_option is set, otherwise Optional Field |
| snmp_username | Username | String | Username for SNMPv3. Mandatory only when snmp_version is SNMPv3, otherwise Optional Field |
| snmp_version | SNMP Version | String | Version can be SNMPv2c or SNMPv3. Mandatory only when notify_snmp is “on”, otherwise Optional Field |

Request Example

{
    "data": {
        "dispatch_option": "auto",
        "notify_snmp": "on",
        "snmp_agent": "192.168.3.12",
        "snmp_community_string": "public",
        "snmp_ip": "10.45.9.20",
        "snmp_message": "Alert rule was fired.",
        "snmp_oid": "1.3.6.1.4.1.8072.1.2.1.1.5.0.1.2.05",
        "snmp_port": 192,
        "snmp_threshold_enabled": "on",
        "snmp_threshold_option": "minute",
        "snmp_threshold_value": 5,
        "snmp_version": "SNMPv2c"
    }
}

Success Response

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}

AlertRules - SSHNotification

Sets up SSH notification for an alert rule.

POST

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/AlertRules/{id}/SSHNotification

Parameter

Field

Label in UI

Type

Description

dispatch_option

Notification Trigger

String

Describes the notification trigger mechanism. Value can be either “auto” or “manual”. Value must be “auto” to automatically trigger the notification and the value must be “manual” to manually trigger the notification. . Optional Field

id

-

String

Alert rule id . Mandatory Field

notify_ssh

Notify via SSH

String

Accepts on/off as values to enable/disable ssh notification for an alert rule. Mandatory Field

ssh_auth_password

Password

String

Password. Mandatory only when the value of ssh_auth_type is “password”. Optional Field

ssh_auth_type

Authentication

String

Specify the auth type which can be “password” or “certificate”. Mandatory only when the value of notify_ssh is “on”. Optional Field

ssh_cert_type

Certificate Type

String

Type of Certificate. Use ssh_cert_type when ssh_auth_type is certificate. Values can be system_cert for system certificate and user_cert for user certificate. Optional Field

ssh_command

Command

String

Command you want to execute when the alert rule is fired. Make sure that the command is a valid bash command and is executable. Mandatory only when the value of notify_ssh is “on”. Optional Field

ssh_port

Port

int

Port number. Mandatory only when the value of notify_ssh is “on”. Optional Field

ssh_server

Server

String

Destination server address. Mandatory only when the value of notify_ssh is “on”. Optional Field

ssh_threshold_option

Threshold

String

Time unit for the SSH threshold. Can be minute/hour/day. Mandatory only when ssh_threshold_value is set. Optional Field

ssh_threshold_value

Threshold

int

Value for the SSH threshold. Must be a positive integer. Mandatory only when ssh_threshold_option is set. Optional Field

ssh_username

Username

String

Username for the user in destination server. Mandatory only when the value of notify_ssh is “on”. Optional Field

Request Example

{
    "data": {
        "dispatch_option": "auto",
        "notify_ssh": "on",
        "ssh_auth_password": "password1",
        "ssh_auth_type": "password",
        "ssh_command": "command1",
        "ssh_port": 22,
        "ssh_server": "10.45.9.18",
        "ssh_threshold_option": "minute",
        "ssh_threshold_value": 5,
        "ssh_username": "username1"
    }
}
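
The conditional rules in the table above (fields that become mandatory only when notify_ssh is “on”, the password/certificate split, and the paired threshold fields) are easy to get wrong in a script. The following Python is an added example, not LogPoint's own client code: it builds and checks the request body before anything is sent, prepares the request with the standard library, and masks the SSH password in anything that gets logged. A JSON request body and the https base URL are assumptions (the page does not state the request content type); nothing in it contacts a server.

```python
"""Build and pre-check the body for AlertRules - SSHNotification.

Added example (not LogPoint's client code). It enforces the conditional
"mandatory only when ..." rules from the parameter table before anything
is sent, and never lets the SSH password reach a log line.
Assumptions: a JSON request body and an https base URL (the page does not
state the request content type). Nothing here contacts a server.
"""
import json
from typing import Optional
from urllib.request import Request

AUTH_TYPES = {"password", "certificate"}
CERT_TYPES = {"system_cert", "user_cert"}
THRESHOLD_UNITS = {"minute", "hour", "day"}


def build_ssh_notification(notify_ssh: str, server: Optional[str] = None,
                           port: Optional[int] = None,
                           username: Optional[str] = None,
                           command: Optional[str] = None,
                           auth_type: Optional[str] = None,
                           password: Optional[str] = None,
                           cert_type: Optional[str] = None,
                           dispatch_option: str = "auto",
                           threshold_option: Optional[str] = None,
                           threshold_value: Optional[int] = None) -> dict:
    """Return {"data": {...}} for the endpoint, or raise ValueError."""
    if notify_ssh not in ("on", "off"):
        raise ValueError("notify_ssh must be 'on' or 'off'")
    if dispatch_option not in ("auto", "manual"):
        raise ValueError("dispatch_option must be 'auto' or 'manual'")
    data = {"notify_ssh": notify_ssh, "dispatch_option": dispatch_option}
    if notify_ssh == "off":
        return {"data": data}  # nothing else is mandatory when disabled

    # These become mandatory as soon as notify_ssh is "on".
    required = {"ssh_server": server, "ssh_port": port,
                "ssh_username": username, "ssh_command": command,
                "ssh_auth_type": auth_type}
    missing = [k for k, v in required.items() if v is None or v == ""]
    if missing:
        raise ValueError("notify_ssh=on requires: " + ", ".join(missing))
    if not 1 <= port <= 65535:
        raise ValueError("ssh_port must be 1..65535")
    if auth_type not in AUTH_TYPES:
        raise ValueError("ssh_auth_type must be 'password' or 'certificate'")
    data.update(required)

    # The auth type decides which one further field is mandatory.
    if auth_type == "password":
        if not password:
            raise ValueError("ssh_auth_password is mandatory for password auth")
        data["ssh_auth_password"] = password
    else:
        if cert_type not in CERT_TYPES:
            raise ValueError("ssh_cert_type must be system_cert or user_cert")
        data["ssh_cert_type"] = cert_type

    # Threshold unit and value are only valid as a pair.
    if (threshold_option is None) != (threshold_value is None):
        raise ValueError("ssh_threshold_option and ssh_threshold_value go together")
    if threshold_option is not None:
        if threshold_option not in THRESHOLD_UNITS or threshold_value < 1:
            raise ValueError("threshold unit must be minute/hour/day, value >= 1")
        data["ssh_threshold_option"] = threshold_option
        data["ssh_threshold_value"] = threshold_value
    return {"data": data}


def prepare_request(base_url: str, pool_uuid: str, logpoint_id: str,
                    rule_id: str, body: dict) -> Request:
    """urllib Request for the SSHNotification endpoint; built, not sent."""
    url = (f"{base_url}/configapi/{pool_uuid}/{logpoint_id}"
           f"/AlertRules/{rule_id}/SSHNotification")
    return Request(url, data=json.dumps(body).encode("utf-8"), method="POST",
                   headers={"Content-Type": "application/json"})  # assumed


def redacted(body: dict) -> dict:
    """Copy of the body that is safe to log: the password is masked."""
    out = {"data": dict(body["data"])}
    if "ssh_auth_password" in out["data"]:
        out["data"]["ssh_auth_password"] = "***"
    return out
```

Prefer ssh_auth_type “certificate” where the destination host allows it: with “password”, the credential is stored in the alert configuration and is returned by every code path that prints the body, which is what redacted() guards against.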

Success Response

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}

AlertRules - ShareWithUsers

Shares the alert rule by given id with specified usergroups or users with specific permissions.

POST

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/AlertRules/{id}/share

Parameter

Field

Label in UI

Type

Description

id

-

String

Alert rule id. Mandatory Field

rbac_config

-

[json]

Alert sharing config using RBAC. Can be an empty list; otherwise each element is an object with the following fields:

group_id : ID of the usergroup. Mandatory field.

group_permission : Permission at the group level. Can be either “READ”, “EDIT” or “FULL”. Optional field. If present, user_permissions must not be present, and this permission applies to all users in that group.

user_permissions : List of user permission objects. Optional field. If present, it must not be an empty list and must contain at least one user permission object. Each object has the following fields:

user_id : ID of the user to which the permission is assigned. Mandatory field.

permission : Can be either “READ”, “EDIT” or “FULL”. Mandatory field.

Exactly one of group_permission or user_permissions must be present in each element. Mandatory Field

Request Example

{
    "data": {
        "rbac_config": [
            {
                "group_id": "60616651b8a4470f71510082",
                "group_permission": "READ"
            },
            {
                "group_id": "605c56cacec4f90f9786cc87",
                "user_permissions": [
                    {
                        "permission": "EDIT",
                        "user_id": "605c56f36253bcd9fb1d1d67"
                    },
                    {
                        "permission": "FULL",
                        "user_id": "60640a538501f571ab422732"
                    }
                ]
            }
        ]
    }
}
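
The rbac_config rules above amount to a small set of checks per element: group_id is always present, exactly one of group_permission or user_permissions is present, and a user list is non-empty with a user_id and a valid permission in each entry. The Python below is an added example, not LogPoint's client code: it checks a config against those rules and reports every violation at once, then wraps a valid config in the request envelope. The duplicate user_id check is a client-side sanity check added here, not a documented server rule; the sample data reuses the page's example IDs plus constructed placeholders.

```python
"""Validate an rbac_config list for AlertRules - ShareWithUsers before posting.

Added example, not LogPoint's own code; the rules encoded here are the ones
in the parameter table, except the duplicate user_id check, which is an
added client-side sanity check. Problems are collected rather than raised
so a caller can fix all entries in one pass.
"""
from typing import List

PERMISSIONS = {"READ", "EDIT", "FULL"}


def validate_rbac_config(rbac_config) -> List[str]:
    """Return a list of problems; an empty list means the config is valid."""
    problems = []
    if not isinstance(rbac_config, list):
        return ["rbac_config must be a list (an empty list is allowed)"]
    for i, entry in enumerate(rbac_config):
        where = f"rbac_config[{i}]"
        if not isinstance(entry, dict) or not entry.get("group_id"):
            problems.append(f"{where}: group_id is mandatory")
            continue
        has_group = "group_permission" in entry
        has_users = "user_permissions" in entry
        if has_group == has_users:  # both present, or neither
            problems.append(f"{where}: exactly one of group_permission / "
                            "user_permissions must be present")
            continue
        if has_group:
            if entry["group_permission"] not in PERMISSIONS:
                problems.append(f"{where}: group_permission must be READ, EDIT or FULL")
            continue
        users = entry["user_permissions"]
        if not isinstance(users, list) or not users:
            problems.append(f"{where}: user_permissions must be a non-empty list")
            continue
        seen = set()
        for j, up in enumerate(users):
            uw = f"{where}.user_permissions[{j}]"
            if not isinstance(up, dict) or not up.get("user_id"):
                problems.append(f"{uw}: user_id is mandatory")
                continue
            if up.get("permission") not in PERMISSIONS:
                problems.append(f"{uw}: permission must be READ, EDIT or FULL")
            if up["user_id"] in seen:  # added sanity check, not a page rule
                problems.append(f"{uw}: duplicate user_id {up['user_id']}")
            seen.add(up["user_id"])
    return problems


def share_body(rbac_config) -> dict:
    """Wrap a validated config in the {"data": ...} envelope the endpoint expects."""
    problems = validate_rbac_config(rbac_config)
    if problems:
        raise ValueError("; ".join(problems))
    return {"data": {"rbac_config": rbac_config}}


# Constructed sample data: the page's own example, and a config with one
# violation per element.
EXAMPLE_OK = [
    {"group_id": "60616651b8a4470f71510082", "group_permission": "READ"},
    {"group_id": "605c56cacec4f90f9786cc87",
     "user_permissions": [
         {"permission": "EDIT", "user_id": "605c56f36253bcd9fb1d1d67"},
         {"permission": "FULL", "user_id": "60640a538501f571ab422732"},
     ]},
]
EXAMPLE_BAD = [
    {"group_id": "g1", "group_permission": "FULL",
     "user_permissions": [{"user_id": "u1", "permission": "READ"}]},
    {"group_id": "g2", "user_permissions": []},
    {"group_id": "g3", "group_permission": "ADMIN"},
]
```

Run the validator before the POST rather than relying on the order status afterwards: the success response only hands back an order URL, so a rejected config is otherwise discovered one round-trip later.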

Success Response

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}

AlertRules - SyslogNotification

Setup Syslog notification for an alert rule.

POST

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/AlertRules/{id}/SyslogNotification

Parameter

Field

Label in UI

Type

Description

dispatch_option

Notification Trigger

String

Describes the notification trigger mechanism. Value can be either “auto” or “manual”: “auto” triggers the notification automatically when the alert rule fires, “manual” requires the notification to be triggered by hand. Optional Field

facility

Facility

int

Facility of the Syslog Notification. Values can be from 0 to 23 indicating different levels of facility of the Syslog Notification. Optional Field

id

-

String

Alert rule id. Mandatory Field

message

Message

String

Free-form message that provides information about the event. Optional Field

notify_syslog

Notify via Syslog

String

Accepts on/off as values to enable/disable syslog notification for an alert rule. Mandatory Field

port

Port

int

Port number of the remote syslog server where the notification should be sent. Mandatory only when the value of notify_syslog is “on”. Optional Field

protocol

-

String

Protocol used to send the Syslog Notification. Can be UDP/TCP. Mandatory only when the value of notify_syslog is “on”. Optional Field

server

Server

String

Server address of the remote syslog server where the notification should be sent. Mandatory only when the value of notify_syslog is “on”. Optional Field

severity

Severity

int

Severity of the Syslog Notification. Values can be from 0 to 7, the standard syslog severity levels (0 is emergency, 7 is debug). Mandatory only when the value of notify_syslog is “on”. Optional Field

split_rows

-

boolean

Can be true/false. Set it to true (the Send each new line as separate syslog notification option in the UI) to generate one syslog message for each log message in the search result. If it is false, all messages within the chosen time range of the incident are combined into one syslog message. Optional Field

threshold_option

Threshold

String

Time unit for the syslog threshold. Can be minute/hour/day. Mandatory only when threshold_value is set. Optional Field

threshold_value

Threshold

int

Value for the syslog threshold. Can be a positive integer or 0. Mandatory only when threshold_option is set. Optional Field

Request Example

{
    "data": {
        "dispatch_option": "auto",
        "facility": 9,
        "message": "The user logged more than 5 times.",
        "notify_syslog": "on",
        "port": 192,
        "protocol": "UDP",
        "server": "10.45.9.20",
        "severity": 4,
        "split_rows": true,
        "threshold_option": "minute",
        "threshold_value": 5
    }
}
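
The facility and severity values in this table are the two halves of the syslog PRI field (facility * 8 + severity, per RFC 3164 and RFC 5424), which is what the receiving syslog server uses for filtering and routing. The following Python is an added example, not LogPoint's own code: it builds the request body with the range checks from the table, treats split_rows as a real boolean (bool("false") is True in Python, so a string form needs explicit handling), and shows how the receiver will classify the message. The facility and severity names follow the RFC 5424 tables; server and port values are constructed placeholders; the message format LogPoint emits beyond the PRI is not stated on the page and is not assumed here.

```python
"""Body for AlertRules - SyslogNotification plus the receiver's view of it.

Added example (not LogPoint's code). facility and severity are the two
halves of the syslog PRI (facility * 8 + severity, RFC 3164 / RFC 5424);
the names below follow the RFC 5424 tables. Server and port values used
with this are constructed placeholders; the message format LogPoint emits
beyond the PRI is not stated on the page and is not assumed here.
"""
from typing import Optional, Tuple

FACILITY = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth",
            5: "syslog", 6: "lpr", 7: "news", 8: "uucp", 9: "cron",
            10: "authpriv", 11: "ftp", 12: "ntp", 13: "audit", 14: "alert",
            15: "clock", 16: "local0", 17: "local1", 18: "local2",
            19: "local3", 20: "local4", 21: "local5", 22: "local6",
            23: "local7"}
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info",
            "debug"]


def syslog_pri(facility: int, severity: int) -> int:
    """PRI carried as <PRI> at the start of the message; raises if out of range."""
    if not 0 <= facility <= 23:
        raise ValueError("facility must be 0..23")
    if not 0 <= severity <= 7:
        raise ValueError("severity must be 0..7")
    return facility * 8 + severity


def decode_pri(pri: int) -> Tuple[int, int]:
    """(facility, severity) that a receiver recovers from a PRI value."""
    if not 0 <= pri <= 191:
        raise ValueError("PRI must be 0..191")
    return divmod(pri, 8)


def as_bool(value) -> bool:
    """split_rows is typed boolean; accept the strings 'true'/'false'
    explicitly, because bool('false') is True in Python."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str) and value.lower() in ("true", "false"):
        return value.lower() == "true"
    raise ValueError("split_rows must be true or false")


def build_syslog_notification(server: str, port: int, protocol: str,
                              severity: int, facility: Optional[int] = None,
                              message: Optional[str] = None,
                              split_rows=False, dispatch_option: str = "auto",
                              threshold_option: Optional[str] = None,
                              threshold_value: Optional[int] = None) -> dict:
    """Body for notify_syslog=on; raises ValueError on anything outside the table."""
    if protocol not in ("UDP", "TCP"):
        raise ValueError("protocol must be UDP or TCP")
    if not 1 <= port <= 65535:
        raise ValueError("port must be 1..65535")
    if dispatch_option not in ("auto", "manual"):
        raise ValueError("dispatch_option must be auto or manual")
    # Range-check severity (and facility when given) via the PRI helper.
    syslog_pri(0 if facility is None else facility, severity)
    data = {"notify_syslog": "on", "dispatch_option": dispatch_option,
            "server": server, "port": port, "protocol": protocol,
            "severity": severity, "split_rows": as_bool(split_rows)}
    if facility is not None:
        data["facility"] = facility
    if message:
        data["message"] = message
    if (threshold_option is None) != (threshold_value is None):
        raise ValueError("threshold_option and threshold_value go together")
    if threshold_option is not None:
        if threshold_option not in ("minute", "hour", "day") or threshold_value < 0:
            raise ValueError("threshold unit must be minute/hour/day, value >= 0")
        data["threshold_option"] = threshold_option
        data["threshold_value"] = threshold_value
    return {"data": data}


def receiver_view(body: dict) -> str:
    """How the remote syslog server classifies the notification, e.g. '<76> cron.warning'."""
    d = body["data"]
    sev = SEVERITY[d["severity"]]
    if "facility" not in d:
        return f"severity {sev} (facility not set in request)"
    pri = syslog_pri(d["facility"], d["severity"])
    return f"<{pri}> {FACILITY[d['facility']]}.{sev}"
```

With the page's example values (facility 9, severity 4) the notification arrives as <76>, cron.warning, which a receiver that only routes authpriv or local0 traffic will drop silently; pick the facility to match the receiver's rules. UDP gives no delivery confirmation, so for notifications that must not be lost choose TCP where the receiver supports it.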

Success Response

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}

AlertRules - TransferOwnership

Transfer ownership of the alert rule to another user.

POST

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/AlertRules/{id}/transferOwnership

Parameter

Field

Label in UI

Type

Description

id

-

String

Alert rule id. Mandatory Field

userid

-

String

Transfer ownership of the alert rule with given User id. Mandatory Field

Request Example

{
    "data": {
        "userid": "574fceedd8aaa40740736302"
    }
}

Success Response

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}

AlertRules - Trash

Deletes the alert rule with the given id.

DELETE

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/AlertRules/{id}

Parameter

Field

Label in UI

Type

Description

id

-

String

Alert rule id. Mandatory Field

Success Response

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}

AlertRules - TrashPrivateUploads

Delete the file with given name from private storage

DELETE

https://api-server-host-name/configapi/{pool_UUID}/AlertRules/{file_name}

Parameter

Field

Label in UI

Type

Description

file_name

-

String

Name of the file to be deleted. Mandatory Field

Success Response

{
    "status": "Success",
    "message": "Alert1.pak successfully deleted"
}

AlertRules - TrashPublicUploads

Delete the file with given name from public storage

DELETE

https://api-server-host-name/configapi/AlertRules/{file_name}

Parameter

Field

Label in UI

Type

Description

file_name

-

String

Name of the file to be deleted. Mandatory Field

Success Response

{
    "status": "Success",
    "message": "Alert1.pak successfully deleted"
}

AlertRules - UnshareWithUsers

Unshares the alert rule with given id from all users within the pool.

POST

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/AlertRules/{id}/unshare

Parameter

Field

Label in UI

Type

Description

id

-

String

Alert rule id. Mandatory Field

Request Example

{
    "data": {}
}

Success Response

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}

AlertRules - Upload

Upload .pak files that contain alert rules to private storage. This upload should be used for alert rules only.

POST

https://api-server-host-name/configapi/{pool_UUID}/AlertRules/upload

Header

Field

Label in UI

Description

file_name

Name of the file to be uploaded.

Content-Type

application/octet-stream

replace_existing

Set the value of this parameter as ‘true’ to replace the existing file with the same name with the new file. Default value is ‘false’. Value can be ‘true’ or ‘false’. Optional field

Parameter

Field

Label in UI

Type

Description

file

-

[Object]

The .pak file to be uploaded, sent as the request body with Content-Type application/octet-stream. Mandatory Field

Success Response

{
    "status": "Success",
    "message": "Alert1.pak successfully uploaded in private storage. "
}

AlertRules - UploadPublic

Upload .pak files that contain alert rules to public storage. This upload should be used for alert rules only.

POST

https://api-server-host-name/configapi/AlertRules/publicupload

Header

Field

Label in UI

Description

file_name

Name of the file to be uploaded.

Content-Type

application/octet-stream

replace_existing

Set the value of this parameter as ‘true’ to replace the existing file with the same name with the new file. Default value is ‘false’. Value can be ‘true’ or ‘false’. Optional field

Parameter

Field

Label in UI

Type

Description

file

-

[Object]

The .pak file to be uploaded, sent as the request body with Content-Type application/octet-stream. Mandatory Field

Success Response

{
    "status": "Success",
    "message": "Alert1.pak successfully uploaded in public storage."
}
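
Neither upload endpoint has a request example on this page, and the header table shows that the file travels as a raw application/octet-stream body with file_name and replace_existing carried as headers, not as a multipart form. The Python below is an added example, not LogPoint's client code, covering AlertRules - Upload, AlertRules - UploadPublic and the matching AlertRules - TrashPrivateUploads / TrashPublicUploads deletes: it builds the requests with the standard library without sending them. The file bytes are constructed inline (not a real .pak), the https base URL and pool UUID are placeholders, and the client-side check that file_name is a bare .pak name with no path components is an assumption added here rather than a documented server rule.

```python
"""Prepare the raw-body upload and the matching delete for alert rule .pak files.

Added example, not LogPoint's client code. Covers AlertRules - Upload
(private, pool-scoped), AlertRules - UploadPublic, and the two Trash*Uploads
deletes. Header names and values are the ones in the page's header table;
the base URL, pool UUID and file content are constructed placeholders, and
check_file_name() is a client-side guard added here, not a server rule.
Nothing is sent on the network.
"""
import posixpath
from typing import Optional
from urllib.parse import quote
from urllib.request import Request


def upload_url(base_url: str, pool_uuid: Optional[str] = None) -> str:
    """Private uploads are scoped to a pool; public uploads are not."""
    if pool_uuid:
        return f"{base_url}/configapi/{pool_uuid}/AlertRules/upload"
    return f"{base_url}/configapi/AlertRules/publicupload"


def check_file_name(name: str) -> str:
    """Client-side guard (assumption): a bare .pak file name, no path parts.

    The same value later becomes a URL path segment in the delete call, so
    anything that is not a plain file name is rejected up front."""
    if name != posixpath.basename(name) or name in ("", ".", ".."):
        raise ValueError("file_name must be a bare file name")
    if "\\" in name or not name.lower().endswith(".pak"):
        raise ValueError("file_name must be a .pak file name")
    return name


def prepare_upload(base_url: str, file_name: str, content: bytes,
                   pool_uuid: Optional[str] = None,
                   replace_existing: bool = False) -> Request:
    """POST with the file as the raw body and the three documented headers.

    urllib normalises header names to File_name / Content-type /
    Replace_existing; HTTP header names are case-insensitive."""
    headers = {
        "file_name": check_file_name(file_name),
        "Content-Type": "application/octet-stream",
        "replace_existing": "true" if replace_existing else "false",
    }
    return Request(upload_url(base_url, pool_uuid), data=content,
                   headers=headers, method="POST")


def prepare_delete(base_url: str, file_name: str,
                   pool_uuid: Optional[str] = None) -> Request:
    """DELETE for TrashPrivateUploads (with pool) or TrashPublicUploads."""
    # Percent-encode so a name with spaces or reserved characters stays one
    # path segment.
    name = quote(check_file_name(file_name), safe="")
    if pool_uuid:
        url = f"{base_url}/configapi/{pool_uuid}/AlertRules/{name}"
    else:
        url = f"{base_url}/configapi/AlertRules/{name}"
    return Request(url, method="DELETE")


# Constructed stand-in for a .pak archive; not a real package.
SAMPLE_PAK = b"PK\x03\x04constructed-not-a-real-pak"
```

Send the prepared Request with urllib.request.urlopen (or hand the same URL, headers and body to the HTTP client of your choice) once an authenticated session is in place; the page's upload responses confirm only the storage the file landed in, so keep replace_existing false unless overwriting a same-named package is intended.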

AlertRules - UseAlertRules

Use the alert rules shared by other LogPoint users or the vendor alert rules.

POST

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/AlertRules/{id}/useAlertRules

Parameter

Field

Label in UI

Type

Description

id

-

String

Alert rule id. Mandatory Field

owner

-

String

ID of the user who will use the given alert rule. Mandatory Field

Request Example

{
    "data": {
        "owner": "5a466e9dd8aaa4748d3977c7"
    }
}

Success Response

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}

AlertRules - UseVendorRules

Use the alert rules provided by your vendor.

DEPRECATED! Will be removed in a future version. Use the AlertRules - UseAlertRules API instead.

POST

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/AlertRules/{id}/useVendorRules

Parameter

Field

Label in UI

Type

Description

id

-

String

Alert rule id. Mandatory Field

owner

-

String

ID of the user who owns alert rule. Mandatory Field

Request Example

{
    "data": {
        "owner": "5a466e9dd8aaa4748d3977c7"
    }
}

Success Response

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}
