EnrichmentPolicy

EnrichmentPolicy - Create

Adds a new enrichment policy.

POST

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/EnrichmentPolicy

Parameter

| Field | Label in UI | Type | Description |
|---|---|---|---|
| id | - | String | Existing enrichment policy id. Mandatory Field |
| name | Policy Name | String | Enrichment policy name. Mandatory Field |
| description | Description | String | Description for the enrichment policy. Optional Field |
| specifications | Specification | [json] | Mandatory Field. The following parameters must be provided to define enrichment policy specifications: |

rules: Rules for the enrichment policy. Optional field.

To define rules, the following parameters must be provided:

  • category: Value can be “simple” or “type_based”.

  • operation: Value must be “Equals”.

  • prefix: Value can be “true” or “false”. Mandatory only when category = “type_based”.

  • event_key: Event id. Mandatory only when category = “simple”.

  • source_key: Source id.

  • type: Value can only be “ip” or “string” or “num”. Mandatory only when category = “type_based”.

source: Enrichment source. Mandatory.

criteria: Criteria for the enrichment policy.

To define the enrichment criteria, the following parameters must be provided:

  • type: Value can be “KeyPresents” or “KeyPresentsValueMatches”.

  • key: The enrichment policy criteria is fulfilled if this key is present in the log.

  • value: The criteria is fulfilled if the above-mentioned key and this value are present in the log. Mandatory

Request Example

{
    "data": {
        "name": "testPolicy",
        "specifications": [
            {
                "rules": [
                    {
                        "category": "simple",
                        "source_key": "id",
                        "prefix": false,
                        "operation": "Equals",
                        "type": "string",
                        "event_key": "id"
                    }
                ],
                "source": "test_odbc",
                "criteria": [
                    {
                        "type": "KeyPresents",
                        "key": "id",
                        "value": ""
                    }
                ]
            }
        ],
        "description": "Enrichment Policy <i> description </i>."
    }
}

Success Response

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}

EnrichmentPolicy - Edit

Edits the enrichment policy with the given id.

PUT

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/EnrichmentPolicy/{id}

Parameter

| Field | Label in UI | Type | Description |
|---|---|---|---|
| id | - | String | Existing enrichment policy id. Mandatory Field |
| name | Policy Name | String | Enrichment policy name. Mandatory Field |
| description | Description | String | Description for the enrichment policy. Optional Field |
| specifications | Specification | [json] | Mandatory Field. The following parameters must be provided to define enrichment policy specifications: |

rules: Rules for the enrichment policy. Optional field.

To define rules, the following parameters must be provided:

  • category: Value can be “simple” or “type_based”.

  • operation: Value must be “Equals”.

  • prefix: Value can be “true” or “false”. Mandatory only when category = “type_based”.

  • event_key: Event id. Mandatory only when category = “simple”.

  • source_key: Source id.

  • type: Value can only be “ip” or “string” or “num”. Mandatory only when category = “type_based”.

source: Enrichment source. Mandatory.

criteria: Criteria for the enrichment policy.

To define the enrichment criteria, the following parameters must be provided:

  • type: Value can be “KeyPresents” or “KeyPresentsValueMatches”.

  • key: The enrichment policy criteria is fulfilled if this key is present in the log.

  • value: The criteria is fulfilled if the above-mentioned key and this value are present in the log. Mandatory

Request Example

{
    "data": {
        "name": "testPolicy",
        "description": "Enrichment Policy Description.",
        "specifications": [
            {
                "criteria": [
                    {
                        "type": "KeyPresents",
                        "key": "id",
                        "value": ""
                    }
                ],
                "source": "test_odbc",
                "rules": [
                    {
                        "source_key": "id",
                        "operation": "Equals",
                        "event_key": "id",
                        "category": "simple",
                        "type": "string",
                        "prefix": false
                    }
                ]
            }
        ]
    }
}

Success Response

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}
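
The field rules listed for Create and Edit above can be checked on the client before a request body is sent. The following is an added example, not part of the original documentation or of Logpoint's code; validate_policy is a hypothetical helper, and treating prefix as a JSON boolean and specifications as a non-empty list are assumptions taken from the request examples.

```python
# Added example, not Logpoint code: validate_policy is a hypothetical helper that
# checks a Create/Edit body against the field rules listed on this page.
CATEGORIES = {"simple", "type_based"}
RULE_TYPES = {"ip", "string", "num"}
CRITERIA_TYPES = {"KeyPresents", "KeyPresentsValueMatches"}

def validate_policy(body):
    """Return a list of problems; an empty list means the body follows the page."""
    data = body.get("data")
    if not isinstance(data, dict):
        return ["data: missing top-level object"]
    errors = []
    if not data.get("name"):
        errors.append("name: mandatory")
    specs = data.get("specifications")
    if not isinstance(specs, list) or not specs:  # assumption: at least one entry
        return errors + ["specifications: mandatory list"]
    for i, spec in enumerate(specs):
        at = f"specifications[{i}]"
        if not spec.get("source"):
            errors.append(f"{at}.source: mandatory")
        for j, rule in enumerate(spec.get("rules") or []):  # rules are optional
            r, cat, typ = f"{at}.rules[{j}]", rule.get("category"), rule.get("type")
            if cat not in CATEGORIES:
                errors.append(f"{r}.category: must be simple or type_based")
            if rule.get("operation") != "Equals":
                errors.append(f"{r}.operation: must be Equals")
            if cat == "simple" and not rule.get("event_key"):
                errors.append(f"{r}.event_key: mandatory when category is simple")
            # assumption: prefix is a JSON boolean, as in the request example
            if cat == "type_based" and not isinstance(rule.get("prefix"), bool):
                errors.append(f"{r}.prefix: mandatory when category is type_based")
            if (cat == "type_based" or typ is not None) and typ not in RULE_TYPES:
                errors.append(f"{r}.type: must be ip, string or num")
        for j, crit in enumerate(spec.get("criteria") or []):
            c = f"{at}.criteria[{j}]"
            if crit.get("type") not in CRITERIA_TYPES:
                errors.append(f"{c}.type: unknown criteria type")
            if not crit.get("key"):
                errors.append(f"{c}.key: mandatory")
            if "value" not in crit:
                errors.append(f"{c}.value: must be provided")
    return errors

# Constructed sample: a type_based rule missing prefix, with an undocumented type.
BAD = {"data": {"name": "testPolicy", "specifications": [{
    "rules": [{"category": "type_based", "operation": "Equals",
               "source_key": "id", "type": "regex"}],
    "criteria": [{"type": "KeyPresent", "key": "id", "value": ""}]}]}}

if __name__ == "__main__":
    print("\n".join(validate_policy(BAD)))
```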

EnrichmentPolicy - Get

Fetches the enrichment policy with the given id.

GET

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/EnrichmentPolicy/{id}

Parameter

| Field | Label in UI | Type | Description |
|---|---|---|---|
| id | - | String | Existing Enrichment Policy id. |

Success Response

{
    "name": "testPolicy",
    "specifications": [
        {
            "rules": [
                {
                    "category": "simple",
                    "operation": "Equals",
                    "prefix": false,
                    "event_key": "id",
                    "source_key": "id"
                }
            ],
            "source": "test_odbc",
            "criteria": [
                {
                    "type": "KeyPresents",
                    "key": "id",
                    "value": ""
                }
            ]
        }
    ],
    "id": "574fb123d8aaa4625bfe2d23",
    "description": "Enrichment Policy <i> description </i>."
}

EnrichmentPolicy - List

Lists all enrichment policies.

GET

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/EnrichmentPolicy

Success Response

[
    {
        "name": "testPolicy",
        "specifications": [
            {
                "rules": [
                    {
                        "category": "simple",
                        "source_key": "id",
                        "prefix": false,
                        "operation": "Equals",
                        "type": "string",
                        "event_key": "id"
                    }
                ],
                "source": "test_odbc",
                "criteria": [
                    {
                        "type": "KeyPresents",
                        "key": "id",
                        "value": ""
                    }
                ]
            }
        ],
        "id": "574fb123d8aaa4625bfe2d23",
        "description": "Enrichment Policy <i> description </i>."
    }
]

EnrichmentPolicy - Trash

Deletes the enrichment policy with the given id.

DELETE

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/EnrichmentPolicy/{id}

Parameter

| Field | Label in UI | Type | Description |
|---|---|---|---|
| id | - | String | Enrichment Policy id. Mandatory Field |

Success Response

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}
