# alerts

The alerts resource supports the following operations.

| Method | URL | Description |
|---|---|---|
| GET | /alerts | Get a list of all alerts. |
| GET | /alerts/{alert_id} | Get a single alert by alert id. |
| POST | /alerts/disposition | Disposition an alert through the API. |
## GET

```
GET /alerts
GET /alerts/{alert_id}
```

### GET Parameters

- `alert_id` - Optional path parameter selecting a single alert by its `alert_id`. Example: `/alerts/104`

### GET Query Parameters

Query parameters are only used with GET requests and are appended to the URL after a `?` sign:

- `reference_id` - Optional query parameter selecting the alert by its `reference_id`. Example: `/alerts?reference_id=20000-55000002-00-01-2784-2`

### Response Codes

| HTTP Status Code | Reason |
|---|---|
| 200 | Success |

### Response Body

AlertResult
### Example Curl Request

Command with `alert_id`:

```bash
curl -k -w '\nRESP_CODE: %{response_code}\n' -X GET https://10.13.37.12/api/alerts/807
```

Output:

```json
{"alerts":[{"ALERTLOG_ID":"807","ALERT_MESSAGE":"Node: tarb(127.0.0.1) - Alert 1 : User (admin) : Device (tarb)","STATMON_ID":"1","STATMON_LIFE_ID":"1","CYCLE_NUM":"0","LOG_DATE":"1485531000","LAST_ESC_DATE":"1485534603","ACK_DATE":"1486064927","LAST_UPDATED":"0","ACK_LEVEL":-1,"PCOUNTER":1,"ASC_ID":11,"IRP_ID":"1","IRP.IRP_NAME":"Default IRP (1626791390)","IRS_ID":"107","AD_ID":2,"AD.AD_DESCRIPTION":null,"REFERENCE_ID":"20000-55000002-00-01-2785-4","USER_NAME":"admin","NODE":"tarb","SHORT_MESSAGE":"Alert 1 : User (admin) : Device (tarb)","RULE_NAME":"Alert 1","POLICY_NAME":"Kenny","DISPOSITION_SCRIPT":".\/scripts\/disptest.php","DISPOSITION_CONFIG":""}]}
```

```
RESP_CODE: 200
```

Command with `reference_id`:

```bash
curl -k -w '\nRESP_CODE: %{response_code}\n' -X GET 'https://10.13.37.12/api/alerts?reference_id=20000-55000002-00-01-2785-4'
```

Output:

```json
{"alerts":[{"ALERTLOG_ID":"807","ALERT_MESSAGE":"Node: tarb(127.0.0.1) - Alert 1 : User (admin) : Device (tarb)","STATMON_ID":"1","STATMON_LIFE_ID":"1","CYCLE_NUM":"0","LOG_DATE":"1485531000","LAST_ESC_DATE":"1485534603","ACK_DATE":"1486064927","LAST_UPDATED":"0","ACK_LEVEL":-1,"PCOUNTER":1,"ASC_ID":11,"IRP_ID":"1","IRP.IRP_NAME":"Default IRP (1626791390)","IRS_ID":"107","AD_ID":2,"AD.AD_DESCRIPTION":null,"REFERENCE_ID":"20000-55000002-00-01-2785-4","USER_NAME":"admin","NODE":"tarb","SHORT_MESSAGE":"Alert 1 : User (admin) : Device (tarb)","RULE_NAME":"Alert 1","POLICY_NAME":"Kenny","DISPOSITION_SCRIPT":".\/scripts\/disptest.php","DISPOSITION_CONFIG":""}]}
```

```
RESP_CODE: 200
```
## POST

### POST Parameters

The alerts POST API only accepts parameters as an `application/x-www-form-urlencoded` form. The request body should be in the following format:

```
reference_id=value&disposition=14&username=value
```

The required fields are the following:

| Field name | Type | Description |
|---|---|---|
| reference_id | Text | The reference id of the alert that needs to be dispositioned. |
| disposition | Number | The valid values are 0, 1, 2, 3, 4, 14, 15. See the disposition table below for the meaning of each value. |
| username | Text | The username making the request. Used only for tracking and logging. |

### Disposition Description

| Value | Description |
|---|---|
| 0 | Open. |
| 1 | Under Review. |
| 2 | Acknowledged. |
| 3 | Release. |
| 4 | Disregarded. This will delete the alert from the system. |
| 14 | Closed. |
| 15 | Closed and Locked. This will delete the alert from the system. |

### Example Curl Request

```bash
curl -k -w '\nRESP_CODE: %{response_code}\n' -X POST https://10.13.37.14/api/alerts/disposition -d 'reference_id=10000-01000009-00-01-4607-4&disposition=2&username=testuser'
```

Output:

```json
{"alerts":{"ok":true,"data":{"ALERTLOG_ID":117760,"ALERT_MESSAGE":"Node: tarb50.14(10.13.37.14) - Tcritical : Severity (critical)","STATMON_ID":1,"STATMON_LIFE_ID":1,"CYCLE_NUM":0,"LOG_DATE":1571839153,"LAST_ESC_DATE":1571842756,"ACK_DATE":1571856666,"LAST_UPDATED":0,"ACK_LEVEL":-1,"PCOUNTER":1,"ASC_ID":11,"IRP_ID":2,"IRP.IRP_NAME":"2 IRP (1626791391)","IRS_ID":5,"AD_ID":"2","AD.AD_DESCRIPTION":null,"REFERENCE_ID":"10000-01000009-00-01-4607-4","USER_NAME":null,"NODE":"tarb50.14","SHORT_MESSAGE":"Tcritical : Severity (critical)","RULE_NAME":"Tcritical","POLICY_NAME":"Touy","DISPOSITION_SCRIPT":"","DISPOSITION_CONFIG":""},"query":""}}
```

```
RESP_CODE: 200
```
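As an added example (not the vendor's code and not part of the original page), the following Python client wraps the GET and POST operations documented above: it builds the two GET URLs, encodes the POST body as `application/x-www-form-urlencoded`, rejects disposition values outside the documented set, requires an explicit opt-in for the two values that delete an alert (4 and 15), and parses the two different response shapes (a GET body carries a list under `alerts`, a POST body wraps the alert in `ok`/`data`/`query`). The class name `AlertsClient`, the injectable `send` callable, the base URL and the shortened sample responses are assumptions; unlike the `curl -k` examples, `urlopen` verifies the server certificate by default.

```python
import json
from urllib.parse import urlencode
from urllib.request import Request, urlopen

# Disposition values from the table above; 4 and 15 delete the alert.
ALLOWED_DISPOSITIONS = {0, 1, 2, 3, 4, 14, 15}
DESTRUCTIVE_DISPOSITIONS = {4, 15}


def disposition_allowed(value, allow_delete=False):
    """True if value is a documented disposition and, when it deletes the
    alert, the caller explicitly opted in."""
    if value not in ALLOWED_DISPOSITIONS:
        return False
    return allow_delete or value not in DESTRUCTIVE_DISPOSITIONS


def https_send(req):
    """Real transport. urlopen verifies the server certificate by default
    (there is no equivalent of curl -k here); returns (status, body_text)."""
    with urlopen(req, timeout=30) as resp:
        return resp.status, resp.read().decode("utf-8")


class AlertsClient:
    """Assumed wrapper (hypothetical name) around the documented /alerts endpoints."""

    def __init__(self, base_url, send=https_send):
        self.base_url = base_url.rstrip("/")   # e.g. https://host/api
        self.send = send                       # injectable for offline use

    def _request(self, method, path, form=None):
        data = headers = None
        if form is not None:
            data = urlencode(form).encode("ascii")
            headers = {"Content-Type": "application/x-www-form-urlencoded"}
        req = Request(self.base_url + path, data=data, headers=headers or {}, method=method)
        status, text = self.send(req)
        return status, json.loads(text)

    def list_alerts(self):
        status, body = self._request("GET", "/alerts")
        return status, body["alerts"]          # GET bodies carry a list of alerts

    def get_alert(self, alert_id):
        if not isinstance(alert_id, int) or alert_id < 0:
            raise ValueError("alert_id must be a non-negative integer")
        status, body = self._request("GET", f"/alerts/{alert_id}")
        return status, body["alerts"]

    def get_by_reference(self, reference_id):
        # urlencode percent-encodes anything unsafe in the reference id
        query = urlencode({"reference_id": reference_id})
        status, body = self._request("GET", "/alerts?" + query)
        return status, body["alerts"]

    def disposition(self, reference_id, disposition, username, allow_delete=False):
        if not disposition_allowed(disposition, allow_delete):
            raise ValueError(f"disposition {disposition} rejected (valid: "
                             f"{sorted(ALLOWED_DISPOSITIONS)}; 4 and 15 need allow_delete=True)")
        status, body = self._request("POST", "/alerts/disposition",
                                     form={"reference_id": reference_id,
                                           "disposition": disposition,
                                           "username": username})
        result = body["alerts"]                # POST bodies wrap the alert in ok/data/query
        return status, result["ok"], result["data"]


# Constructed sample responses, shortened from the page's example output.
SAMPLE_GET = json.dumps({"alerts": [{"ALERTLOG_ID": "807", "RULE_NAME": "Alert 1",
                                      "REFERENCE_ID": "20000-55000002-00-01-2785-4"}]})
SAMPLE_POST = json.dumps({"alerts": {"ok": True, "query": "",
                                      "data": {"ALERTLOG_ID": 117760, "RULE_NAME": "Tcritical",
                                               "REFERENCE_ID": "10000-01000009-00-01-4607-4"}}})


def fake_send(req):
    """Offline transport: answers from the samples and records the last request."""
    fake_send.last = req
    return 200, (SAMPLE_POST if req.get_method() == "POST" else SAMPLE_GET)


fake_send.last = None


def demo():
    client = AlertsClient("https://alerts.example.invalid/api", send=fake_send)
    _, by_id = client.get_alert(807)
    _, by_ref = client.get_by_reference("20000-55000002-00-01-2785-4")
    status, ok, data = client.disposition("10000-01000009-00-01-4607-4", 2, "testuser")
    return (by_id[0]["ALERTLOG_ID"], by_ref[0]["RULE_NAME"], status, ok,
            data["ALERTLOG_ID"], fake_send.last.data.decode("ascii"))


if __name__ == "__main__":
    print(demo())
```

Run directly, `demo()` exercises all three calls against the recorded samples and returns the encoded POST body that would have gone on the wire. To talk to a real node, construct `AlertsClient("https://<host>/api")` without the `send` argument; the deletion guard means a caller has to pass `allow_delete=True` before disposition 4 or 15 is sent.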