alerts

The alerts resource supports the following operations.

Method  URL                 Description
GET     alerts              Get a list of all alerts.
GET     alerts/{alert_id}   Get a single alert by alert id.
POST    alerts/disposition  Disposition an alert through the API.

GET

/alerts

/alerts/{alert_id}

  • GET Parameters

    alert_id - Optional path parameter selecting a single alert by its alert_id.

    Example

    /alerts/104

  • GET Query Parameters

    Query parameters are only used with GET requests and are appended to the URL after a ? character:

    ?reference_id - Optional query parameter specifying the alert by reference_id.

    Example

    /alerts?reference_id=20000-55000002-00-01-2784-2

  • Response Codes

    HTTP Status Code   Reason
    200                Success
  • Response Body

    AlertResult

  • Example Curl Request

    Command with alert_id:

    curl -k -w '\nRESP_CODE: %{response_code}\n' \
         -X GET https://10.13.37.12/api/alerts/807

    Output:

    {"alerts":[{
         "ALERTLOG_ID":"807",
         "ALERT_MESSAGE":"Node: tarb(127.0.0.1) - Alert 1 : User (admin) : Device (tarb)",
         "STATMON_ID":"1",
         "STATMON_LIFE_ID":"1",
         "CYCLE_NUM":"0",
         "LOG_DATE":"1485531000",
         "LAST_ESC_DATE":"1485534603",
         "ACK_DATE":"1486064927",
         "LAST_UPDATED":"0",
         "ACK_LEVEL":-1,
         "PCOUNTER":1,
         "ASC_ID":11,
         "IRP_ID":"1",
         "IRS_ID":"107",
         "AD_ID":2,
         "REFERENCE_ID":"20000-55000002-00-01-2785-4",
         "USER_NAME":"admin",
         "NODE":"tarb",
         "SHORT_MESSAGE":"Alert 1 : User (admin) : Device (tarb)",
         "RULE_NAME":"Alert  1",
         "POLICY_NAME":"Kenny",
         "DISPOSITION_SCRIPT":".\/scripts\/disptest.php",
         "DISPOSITION_CONFIG":""}]
     }

    RESP_CODE: 200

    Command with reference_id:

    curl -k -w '\nRESP_CODE: %{response_code}\n' \
         -X GET 'https://10.13.37.12/api/alerts?reference_id=20000-55000002-00-01-2785-4'

    Output:

    {"alerts":[{
         "ALERTLOG_ID":"807",
         "ALERT_MESSAGE":"Node: tarb(127.0.0.1) - Alert 1 : User (admin) : Device (tarb)",
         "STATMON_ID":"1",
         "STATMON_LIFE_ID":"1",
         "CYCLE_NUM":"0",
         "LOG_DATE":"1485531000",
         "LAST_ESC_DATE":"1485534603",
         "ACK_DATE":"1486064927",
         "LAST_UPDATED":"0",
         "ACK_LEVEL":-1,
         "PCOUNTER":1,
         "ASC_ID":11,
         "IRP_ID":"1",
         "IRS_ID":"107",
         "AD_ID":2,
         "REFERENCE_ID":"20000-55000002-00-01-2785-4",
         "USER_NAME":"admin",
         "NODE":"tarb",
         "SHORT_MESSAGE":"Alert 1 : User (admin) : Device (tarb)",
         "RULE_NAME":"Alert  1",
         "POLICY_NAME":"Kenny",
         "DISPOSITION_SCRIPT":".\/scripts\/disptest.php",
         "DISPOSITION_CONFIG":""}]
     }

    RESP_CODE: 200
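
The two GET forms above differ only in how the alert is selected, and the output is the same AlertResult document in both cases. The following client helpers are an added example, not code from the page's product or its documentation: they build the URL for either form (rejecting an alert_id that is not an integer and URL-encoding the reference_id, so neither value can add path segments or query keys), keep TLS verification on unless it is explicitly disabled (the curl examples use -k, which turns it off), and normalize the string-typed fields and epoch timestamps of the response. The base URL is taken from the page's curl examples and is an assumption; the sample output is the page's own GET output reproduced as offline input.

```python
"""Helpers for the GET /alerts endpoints described above.

Added example, not code from the page's own product or documentation. It assumes
the base URL used in the curl examples and a server certificate the client can
verify (the curl examples use -k, which skips verification).
"""
import json
import ssl
import urllib.parse
import urllib.request
from datetime import datetime, timezone

BASE_URL = "https://10.13.37.12/api"  # host from the page's curl examples (assumed)


def build_alert_url(base_url, alert_id=None, reference_id=None):
    """Return the URL for /alerts, /alerts/{alert_id} or /alerts?reference_id=...

    alert_id must be a non-negative integer and reference_id is URL-encoded, so
    neither caller-supplied value can add path segments or extra query keys.
    """
    if alert_id is not None and reference_id is not None:
        raise ValueError("pass alert_id or reference_id, not both")
    base = base_url.rstrip("/") + "/alerts"
    if alert_id is not None:
        if not str(alert_id).isdecimal():
            raise ValueError("alert_id must be a non-negative integer")
        return f"{base}/{int(alert_id)}"
    if reference_id is not None:
        return base + "?" + urllib.parse.urlencode({"reference_id": reference_id})
    return base


def _epoch_to_utc(value):
    """The *_DATE fields are epoch seconds (strings in the GET output); 0 means unset."""
    seconds = int(value)
    return None if seconds == 0 else datetime.fromtimestamp(seconds, tz=timezone.utc)


def parse_alert_result(body):
    """Turn an AlertResult JSON document into a list of normalized alert dicts.

    Field types vary between endpoints (ALERTLOG_ID is a string in the GET output
    and a number in the POST output), so every value is coerced explicitly.
    """
    doc = json.loads(body)
    alerts = doc.get("alerts")
    if not isinstance(alerts, list):
        raise ValueError("unexpected AlertResult shape: 'alerts' is not a list")
    normalized = []
    for a in alerts:
        normalized.append({
            "alertlog_id": int(a["ALERTLOG_ID"]),
            "reference_id": a["REFERENCE_ID"],
            "node": a["NODE"],
            "rule_name": a["RULE_NAME"],
            "policy_name": a["POLICY_NAME"],
            "short_message": a["SHORT_MESSAGE"],
            "log_date": _epoch_to_utc(a["LOG_DATE"]),
            "ack_date": _epoch_to_utc(a["ACK_DATE"]),
            "ack_level": int(a["ACK_LEVEL"]),
            "disposition_script": a.get("DISPOSITION_SCRIPT", ""),
        })
    return normalized


def fetch_alerts(url, verify_tls=True, timeout=10):
    """GET the URL and parse the AlertResult; TLS verification stays on by default."""
    ctx = ssl.create_default_context()
    if not verify_tls:  # equivalent of curl -k; only for lab hosts with self-signed certs
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    with urllib.request.urlopen(url, context=ctx, timeout=timeout) as resp:
        return parse_alert_result(resp.read().decode("utf-8"))


# The GET output from the page, reproduced as offline sample input (raw string
# because the server escapes slashes as \/ in its JSON).
SAMPLE_GET_OUTPUT = r'''{"alerts":[{"ALERTLOG_ID":"807",
 "ALERT_MESSAGE":"Node: tarb(127.0.0.1) - Alert 1 : User (admin) : Device (tarb)",
 "STATMON_ID":"1","STATMON_LIFE_ID":"1","CYCLE_NUM":"0","LOG_DATE":"1485531000",
 "LAST_ESC_DATE":"1485534603","ACK_DATE":"1486064927","LAST_UPDATED":"0",
 "ACK_LEVEL":-1,"PCOUNTER":1,"ASC_ID":11,"IRP_ID":"1","IRS_ID":"107","AD_ID":2,
 "REFERENCE_ID":"20000-55000002-00-01-2785-4","USER_NAME":"admin","NODE":"tarb",
 "SHORT_MESSAGE":"Alert 1 : User (admin) : Device (tarb)","RULE_NAME":"Alert  1",
 "POLICY_NAME":"Kenny","DISPOSITION_SCRIPT":".\/scripts\/disptest.php",
 "DISPOSITION_CONFIG":""}]}'''

if __name__ == "__main__":
    for alert in parse_alert_result(SAMPLE_GET_OUTPUT):
        print(alert["alertlog_id"], alert["reference_id"], alert["log_date"], alert["short_message"])
```

Against a live server, `fetch_alerts(build_alert_url(BASE_URL, alert_id=807))` performs the same request as the first curl command; the parsing runs offline on the embedded sample.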

POST

  • POST Parameters

    The alerts POST API only accepts form parameters. The request body must be sent as application/x-www-form-urlencoded in the following format:

    reference_id=value&disposition=14&username=value

    The required fields are the following:

    Field name    Type    Description
    reference_id  Text    The reference id of the alert that needs to be dispositioned.
    disposition   Number  The valid values are 0, 1, 2, 3, 4, 14, 15. See the disposition table for descriptions.
    username      Text    The username making the request. Used only for tracking and logging.
  • Disposition Description

    Value  Description
    0      Open.
    1      Under Review.
    2      Acknowledged.
    3      Release.
    4      Disregarded. This will delete the alert from the system.
    14     Closed.
    15     Closed and Locked. This will delete the alert from the system.
  • Example Curl Request

    curl -k -w '\nRESP_CODE: %{response_code}\n' \
         -X POST https://10.13.37.14/api/alerts/disposition \
         -d 'reference_id=10000-01000009-00-01-4607-4&disposition=2&username=testuser'

    Output:

    {"alerts":{
        "ok":true,
        "data":{
           "ALERTLOG_ID":117760,
           "ALERT_MESSAGE":"Node: tarb50.14(10.13.37.14) - Tcritical : Severity  (critical)",
           "STATMON_ID":1,
           "STATMON_LIFE_ID":1,
           "CYCLE_NUM":0,
           "LOG_DATE":1571839153,
           "LAST_ESC_DATE":1571842756,
           "ACK_DATE":1571856666,
           "LAST_UPDATED":0,
           "ACK_LEVEL":-1,
           "PCOUNTER":1,
           "ASC_ID":11,
           "IRP_ID":2,
           "IRS_ID":5,
           "AD_ID":"2",
           "REFERENCE_ID":"10000-01000009-00-01-4607-4",
           "USER_NAME":null,
           "NODE":"tarb50.14",
           "SHORT_MESSAGE":"Tcritical : Severity  (critical)",
           "RULE_NAME":"Tcritical",
           "POLICY_NAME":"Touy",
           "DISPOSITION_SCRIPT":"",
           "DISPOSITION_CONFIG":""},
        "query":""}}

    RESP_CODE: 200
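
Two of the seven disposition values (4 and 15) delete the alert, so a script that dispositions alerts in bulk should validate the value against the table before anything is sent. The code below is an added example, not code from the page's product: it encodes the three required fields as application/x-www-form-urlencoded exactly as the curl command does, rejects values outside the documented table, requires an explicit allow_delete flag (a guard of this example's own, not an API parameter) for the two destructive dispositions, and treats a response without "ok":true as a failure. The host is the one from the page's curl example and is an assumption; the sample output is the page's own POST output reproduced as offline input.

```python
"""Dispositioning an alert through POST /alerts/disposition, as documented above.

Added example, not code from the page's product. It assumes the host used in the
page's curl example and a verifiable server certificate; allow_delete is a guard
belonging to this example, not a parameter of the API.
"""
import json
import ssl
import urllib.parse
import urllib.request

# Disposition values from the page's table; the flag marks the ones that delete the alert.
DISPOSITIONS = {
    0: ("Open", False),
    1: ("Under Review", False),
    2: ("Acknowledged", False),
    3: ("Release", False),
    4: ("Disregarded", True),
    14: ("Closed", False),
    15: ("Closed and Locked", True),
}


def build_disposition_request(reference_id, disposition, username, allow_delete=False):
    """Validate the three required fields and return (body_bytes, headers).

    Values outside the documented table are rejected before anything is sent, and
    the two destructive dispositions need an explicit allow_delete=True so that a
    wrong number in an automation script cannot delete alerts.
    """
    if not reference_id or not username:
        raise ValueError("reference_id and username are required")
    try:
        code = int(disposition)
    except (TypeError, ValueError):
        raise ValueError(f"disposition must be an integer, got {disposition!r}") from None
    if code not in DISPOSITIONS:
        raise ValueError(f"disposition {code} is not one of {sorted(DISPOSITIONS)}")
    name, deletes_alert = DISPOSITIONS[code]
    if deletes_alert and not allow_delete:
        raise PermissionError(f"disposition {code} ({name}) deletes the alert; pass allow_delete=True")
    body = urllib.parse.urlencode(
        {"reference_id": reference_id, "disposition": code, "username": username}
    ).encode("ascii")  # urlencode percent-encodes anything non-ASCII
    return body, {"Content-Type": "application/x-www-form-urlencoded"}


def parse_disposition_response(status, body):
    """Return the updated alert from the POST response, or raise if it did not succeed.

    Both the HTTP status and the "ok" flag inside the body are checked: the page's
    example returns 200 with "ok":true, and anything else is treated as failure.
    """
    if status != 200:
        raise RuntimeError(f"disposition failed with HTTP {status}")
    doc = json.loads(body)
    result = doc.get("alerts")
    if not isinstance(result, dict) or result.get("ok") is not True:
        raise RuntimeError(f"server did not report ok: {body[:200]!r}")
    data = result["data"]
    return {
        "alertlog_id": int(data["ALERTLOG_ID"]),
        "reference_id": data["REFERENCE_ID"],
        "node": data["NODE"],
        "rule_name": data["RULE_NAME"],
        "user_name": data.get("USER_NAME"),
    }


def disposition_alert(base_url, reference_id, disposition, username,
                      allow_delete=False, verify_tls=True, timeout=10):
    """Send the POST and parse the result; verify_tls=False is the equivalent of curl -k."""
    body, headers = build_disposition_request(reference_id, disposition, username, allow_delete)
    req = urllib.request.Request(base_url.rstrip("/") + "/alerts/disposition",
                                 data=body, headers=headers, method="POST")
    ctx = ssl.create_default_context()
    if not verify_tls:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    with urllib.request.urlopen(req, context=ctx, timeout=timeout) as resp:
        return parse_disposition_response(resp.status, resp.read().decode("utf-8"))


# The POST output from the page, reproduced as offline sample input.
SAMPLE_POST_OUTPUT = '''{"alerts":{"ok":true,"data":{"ALERTLOG_ID":117760,
 "ALERT_MESSAGE":"Node: tarb50.14(10.13.37.14) - Tcritical : Severity  (critical)",
 "STATMON_ID":1,"STATMON_LIFE_ID":1,"CYCLE_NUM":0,"LOG_DATE":1571839153,
 "LAST_ESC_DATE":1571842756,"ACK_DATE":1571856666,"LAST_UPDATED":0,"ACK_LEVEL":-1,
 "PCOUNTER":1,"ASC_ID":11,"IRP_ID":2,"IRS_ID":5,"AD_ID":"2",
 "REFERENCE_ID":"10000-01000009-00-01-4607-4","USER_NAME":null,"NODE":"tarb50.14",
 "SHORT_MESSAGE":"Tcritical : Severity  (critical)","RULE_NAME":"Tcritical",
 "POLICY_NAME":"Touy","DISPOSITION_SCRIPT":"","DISPOSITION_CONFIG":""},"query":""}}'''

if __name__ == "__main__":
    body, _ = build_disposition_request("10000-01000009-00-01-4607-4", 2, "testuser")
    print(body.decode())  # same body as the -d argument of the curl example
    print(parse_disposition_response(200, SAMPLE_POST_OUTPUT))
```

Against a live server, `disposition_alert("https://10.13.37.14/api", "10000-01000009-00-01-4607-4", 2, "testuser")` reproduces the curl command above with certificate verification left on.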