alerts

The alerts resource supports the following operations.

Method	URL	Description
GET	alerts	Get a list of all alerts.
GET	alerts/{alert_id}	Get a single alert by alert id.
POST	alerts/disposition	Disposition an Alert through API.

GET

/alerts

/alerts/{alert_id}

• GET Parameters

  alert_id - Optional input parameter specifying alert by alert_id.

  Example

  /alerts/104

• GET Query Parameters

  Query parameters are only used with GET requests and can be appended to the URL with a ? sign:

  ?reference_id - Optional query parameter specifying the alert by reference_id.

  Example

  /alerts?reference_id=20000-55000002-00-01-2784-2

• Response Codes

  HTTP Status Code	Reason
  200	Success

• Response Body

  AlertResult

• Example Curl Request

  Command with alert_id:

  curl -k -w '\nRESP_CODE: %{response_code}\n'
       -X GET https://10.13.37.12/api/alerts/807
  

  Output:

  {"alerts":[{
       "ALERTLOG_ID":"807",
       "ALERT_MESSAGE":"Node: tarb(127.0.0.1) - Alert 1 : User (admin) : Device (tarb)",
       "STATMON_ID":"1",
       "STATMON_LIFE_ID":"1",
       "CYCLE_NUM":"0",
       "LOG_DATE":"1485531000",
       "LAST_ESC_DATE":"1485534603",
       "ACK_DATE":"1486064927",
       "LAST_UPDATED":"0",
       "ACK_LEVEL":-1,
       "PCOUNTER":1,
       "ASC_ID":11,
       "IRP_ID":"1",
       "IRS_ID":"107",
       "AD_ID":2,
       "REFERENCE_ID":"20000- 55000002-00-01-2785-4",
       "USER_NAME":"admin",
       "NODE":"tarb",
       "SHORT_MESSAGE":"Alert 1 : User (admin) : Device (tarb)",
       "RULE_NAME":"Alert  1",
       "POLICY_NAME":"Kenny",
       "DISPOSITION_SCRIPT":".\/scripts\/disptest.php",
       "DISPOSITION_CONFIG":""}]
   }
  

  RESP_CODE: 200

  Command with reference_id:

  curl -k -w '\nRESP_CODE: %{response_code}\n'
       -X GET https://10.13.37.12/api/alerts?
                reference_id=20000-55000002-00-01-2785-4
  

  Output:

  {"alerts":[{
       "ALERTLOG_ID":"807",
       "ALERT_MESSAGE":"Node: tarb(127.0.0.1) - Alert 1 : User (admin) : Device (tarb)",
       "STATMON_ID":"1",
       "STATMON_LIFE_ID":"1",
       "CYCLE_NUM":"0",
       "LOG_DATE":"1485531000",
       "LAST_ESC_DATE":"1485534603",
       "ACK_DATE":"1486064927",
       "LAST_UPDATED":"0",
       "ACK_LEVEL":-1,
       "PCOUNTER":1,
       "ASC_ID":11,
       "IRP_ID":"1",
       "IRS_ID":"107",
       "AD_ID":2,
       "REFERENCE_ID":"20000- 55000002-00-01-2785-4",
       "USER_NAME":"admin",
       "NODE":"tarb",
       "SHORT_MESSAGE":"Alert 1 : User (admin) : Device (tarb)",
       "RULE_NAME":"Alert  1",
       "POLICY_NAME":"Kenny",
       "DISPOSITION_SCRIPT":".\/scripts\/disptest.php",
       "DISPOSITION_C  ONFIG":""}]
  }
  

RESP_CODE: 200

POST

• POST Parameters

  The alerts POST API only accepts parameters form. The request application/x-www-form-urlencode body should be in the following format:

  reference_id=value&disposition=14&username=value

  The required fields are the following:

  Field name	Type	Description
  reference_id	Text	The reference id of the alert that needs to be dispositioned.
  disposition	Number	The valid values are 0, 1, 2, 3, 4, 14, 15. Please see disposition table for description.
  username	Text	The username making the request. Used only for tracking and logging.

• Disposition Description

  Value	Description
  0	Open.
  1	Under Review.
  2	Acknowledged.
  3	Release.
  4	Disregarded. This will delete Alert from system.
  14	Closed.
  15	Closed and Locked. This will delete Alert from system.

• Example Curl Request

  curl -k -w '\nRESP_CODE: %{response_code}\n'
       -X POST https://10.13.37.14/api/alerts/disposition
       -d 'reference_id=10000-01000009-00-01-4607- 4&disposition=2&username=testuser'
  

  Output:

  {"alerts":{
      "ok":true,
      "data":{
         "ALERTLOG_ID":117760,
         "ALERT_MESSAGE":"Node: tarb50.14(10.13.37.14) - Tcritical : Severity  (critical)",
         "STATMON_ID":1,
         "STATMON_LIFE_ID":1,
         "CYCLE_NUM":0,
         "LOG_DATE":1571839153,
         "LAST_ESC_DATE":1571842756,
         "ACK_DATE":1571856666,
         "LAST_UPDATED":0,
         "ACK_LEVEL":-1,
         "PCOUNTER" :1,
         "ASC_ID":11,
         "IRP_ID":2,
         "IRS_ID":5,
         "AD_ID":"2",
         "REFERENCE_ID":"10000-01000009-00-01- 4607-4",
         "USER_NAME":null,
         "NODE":"tarb50.14",
         "SHORT_MESSAGE":"Tcritical : Severity  (critical)",
         "RULE_NAME":"Tcritical",
         "POLICY_NAME":"Touy",
         "DISPOSITION_SCRIPT":"",
         "DISPO  SITION_CONFIG":""},
      "query":""}}
  

  RESP_CODE: 200