/alert
Methods
GET - Gets the list of Alerts.
Fields Parameter
The fields parameter is passed in the query string and uses the following syntax:
?fields=<field>,...
Allowed Fields
*id
**name
**description
**status
owner
ownerGroup
triggerName
triggerOperator
triggerValue
modifiedTime
createdTime
lastTriggered
lastEvaluated
executeOnEveryTrigger
didTriggerLastEvaluation
schedule
action
query
canUse
canManage
Legend
* = always comes back
** = comes back if fields list not specified on GET all
Filter Parameters
usable - The response will be an object containing an array of usable Alerts. By default, both usable and manageable objects are returned.
manageable - The response will be an object containing all manageable Alerts. By default, both usable and manageable objects are returned.
Request Query Parameters
None
Example Response
{ "type" : "regular", "response" : { "usable" : [ { "id" : "1", "name" : "Test Alert 1", "description" : "All Action Types, vuln query", "status" : "0" } ], "manageable" : [ { "id" : "1", "name" : "Test Alert 1", "description" : "All Action Types, vuln query", "status" : "0" } ] }, "error_code" : 0, "error_msg" : "", "warnings" : [], "timestamp" : 1424975381 }
POST - Adds an Alert.
NOTE: Alerts do not currently support Queries of type 'all', 'alert' or 'mobile'. Values for triggerName are based on the Query's 'type' and are as follows:
- query type 'lce': sumip, sumport, listdata
- query type 'vuln': sumip, sumport, sumid
- query type 'ticket': listtickets
- query type 'user': listusers
Request Parameters
{
    "name" : <string>,
    "description" : <string> DEFAULT "",
    "query" : {
        <valid Query Object> | "id" : <number>
    },
    "triggerName" : <string>,
    "triggerOperator" : <string> '>=' | '<=' | '=' | '!=',
    "triggerValue" : <number>,
    "executeOnEveryTrigger" : <string> "false" | "true" DEFAULT "false",
    "schedule" : {
        "type" : <string> "dependent" | "ical" | "never" | "rollover" | "template" DEFAULT "never"

        type "ical"
        -----------
        "start" : <string> (This value takes the iCal format),
        "repeatRule" : <string> (This value takes the repeat rule format)
    },
    "action" : [
        {
            "type" : <string> "email" | "notification" | "report" | "scan" | "syslog" | "ticket",

            type "email"
            ------------
            "subject" : <string>,
            "message" : <string> DEFAULT "",
            "addresses" : <string> (valid email addresses separated by '\n') DEFAULT "",
            "users" : [ { "id" : <number> }... ] DEFAULT [],
            "includeResults" : <string> "false" | "true" DEFAULT "true"

            type "notification"
            ------------
            "message" : <string>,
            "users" : [ { "id" : <string> }... ]

            type "report"
            ------------
            "report" : { "id" : <number> }

            type "scan"
            ------------
            "scan" : { "id" : <number> }

            type "syslog"
            ------------
            "host" : <string> (valid IP address),
            "port" : <string> (valid server port),
            "message" : <string>,
            "severity" : <string> "Critical" | "Notice" | "Warning"

            type "ticket"
            ------------
            "assignee" : { "id" : <number> },
            "name" : <string> DEFAULT "",
            "description" : <string> DEFAULT "",
            "notes" : <string> DEFAULT ""
        }...
    ]
}
Example Response
{ "type" : "regular", "response" : { "id" : "2", "name" : "Test Patch", "description" : "All Action Types, vuln query", "triggerName" : "sumip", "triggerOperator" : "=", "triggerValue" : "1000", "modifiedTime" : "1424978025", "createdTime" : "1424976588", "lastTriggered" : "0", "lastEvaluated" : "1424978004", "executeOnEveryTrigger" : "false", "didTriggerLastEvaluation" : "false", "status" : "0", "action" : [ { "id" : "61", "type" : "email", "definition" : { "subject" : "Test Email Action", "message" : "", "addresses" : "", "users" : [ { "id" : "1", "username" : "head", "firstname" : "Security Manager", "lastname" : "", "uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104" } ], "includeResults" : "true" }, "objectID" : "-1", "status" : "0", "users" : [ { "id" : "1", "username" : "head", "firstname" : "Security Manager", "lastname" : "", "uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104" } ] }, { "id" : "62", "type" : "notification", "definition" : { "message" : "Test Notification Action", "users" : [ { "id" : "1", "username" : "head", "firstname" : "Security Manager", "lastname" : "", "uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104" } ] }, "objectID" : "-1", "status" : "0", "users" : [ { "id" : "1", "username" : "head", "firstname" : "Security Manager", "lastname" : "", "uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104" } ] }, { "id" : "63", "type" : "report", "definition" : { "reportID" : "11", "report" : { "id" : -1, "name" : "", "description" : "" } }, "objectID" : "11", "status" : "0", "users" : [] }, { "id" : "64", "type" : "scan", "definition" : { "scan" : { "id" : "60", "name" : "Test Scan", "description" : "Used for Alert - needs to be default template schedule", "type" : "policy", "uuid" : "29F2B9E1-ADE9-4550-B63C-CEA1423E52FC" } }, "objectID" : "60", "status" : "0", "users" : [] }, { "id" : "65", "type" : "syslog", "definition" : { "host" : "127.0.0.1", "port" : "22", "message" : "127.0.0.1 port 22", "severity" : { "id" : -1, "name" : "", "description" : "" } }, 
"objectID" : "-1", "status" : "0", "users" : [] }, { "id" : "66", "type" : "ticket", "definition" : { "name" : "", "description" : "", "notes" : "", "assigneeID" : "1", "assignee" : { "id" : "1", "username" : "head", "firstname" : "Security Manager", "lastname" : "", "uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104" } }, "objectID" : "-1", "status" : "0", "users" : [] } ], "schedule" : { "type" : "never", "start" : "", "repeatRule" : "" }, "query" : { "id" : "2", "name" : "Post Copy Response Example", "description" : "" }, "canUse" : "true", "canManage" : "true", "owner" : { "id" : "1", "username" : "head", "firstname" : "Security Manager", "lastname" : "", "uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104" }, "ownerGroup" : { "id" : "0", "name" : "Full Access", "description" : "Full Access group" } }, "error_code" : 0, "error_msg" : "", "warnings" : [], "timestamp" : 1426867363 }
/alert/{id}
Methods
GET - Gets the Alert associated with {id}.
Fields Parameter
The fields parameter is passed in the query string and uses the following syntax:
?fields=<field>,...
Allowed Fields
*id
**name
**description
**status
owner
ownerGroup
triggerName
triggerOperator
triggerValue
modifiedTime
createdTime
lastTriggered
lastEvaluated
executeOnEveryTrigger
didTriggerLastEvaluation
schedule
action
query
canUse
canManage
Legend
* = always comes back
** = comes back if fields list not specified on GET all
Request Parameters
None
Example Response
{ "type" : "regular", "response" : { "id" : "2", "name" : "Test Patch", "description" : "All Action Types, vuln query", "triggerName" : "sumip", "triggerOperator" : "=", "triggerValue" : "1000", "modifiedTime" : "1424978025", "createdTime" : "1424976588", "lastTriggered" : "0", "lastEvaluated" : "1424978004", "executeOnEveryTrigger" : "false", "didTriggerLastEvaluation" : "false", "status" : "0", "action" : [ { "id" : "61", "type" : "email", "definition" : { "subject" : "Test Email Action", "message" : "", "addresses" : "", "users" : [ { "id" : "1", "username" : "head", "firstname" : "Security Manager", "lastname" : "", "uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104" } ], "includeResults" : "true" }, "objectID" : "-1", "status" : "0", "users" : [ { "id" : "1", "username" : "head", "firstname" : "Security Manager", "lastname" : "", "uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104" } ] }, { "id" : "62", "type" : "notification", "definition" : { "message" : "Test Notification Action", "users" : [ { "id" : "1", "username" : "head", "firstname" : "Security Manager", "lastname" : "", "uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104" } ] }, "objectID" : "-1", "status" : "0", "users" : [ { "id" : "1", "username" : "head", "firstname" : "Security Manager", "lastname" : "", "uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104" } ] }, { "id" : "63", "type" : "report", "definition" : { "reportID" : "11", "report" : { "id" : -1, "name" : "", "description" : "" } }, "objectID" : "11", "status" : "0", "users" : [] }, { "id" : "64", "type" : "scan", "definition" : { "scan" : { "id" : "60", "name" : "Test Scan", "description" : "Used for Alert - needs to be default template schedule", "type" : "policy", "uuid" : "29F2B9E1-ADE9-4550-B63C-CEA1423E52FC" } }, "objectID" : "60", "status" : "0", "users" : [] }, { "id" : "65", "type" : "syslog", "definition" : { "host" : "127.0.0.1", "port" : "22", "message" : "127.0.0.1 port 22", "severity" : { "id" : -1, "name" : "", "description" : "" } }, 
"objectID" : "-1", "status" : "0", "users" : [] }, { "id" : "66", "type" : "ticket", "definition" : { "name" : "", "description" : "", "notes" : "", "assigneeID" : "1", "assignee" : { "id" : "1", "username" : "head", "firstname" : "Security Manager", "lastname" : "", "uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104" } }, "objectID" : "-1", "status" : "0", "users" : [] } ], "schedule" : { "type" : "never", "start" : "", "repeatRule" : "" }, "query" : { "id" : "2", "name" : "Post Copy Response Example", "description" : "" }, "canUse" : "true", "canManage" : "true", "owner" : { "id" : "1", "username" : "head", "firstname" : "Security Manager", "lastname" : "", "uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104" }, "ownerGroup" : { "id" : "0", "name" : "Full Access", "description" : "Full Access group" } }, "error_code" : 0, "error_msg" : "", "warnings" : [], "timestamp" : 1426867363 }
PATCH - Edits the Alert associated with {id}, changing only the passed-in fields.
Request Parameters
(All fields are optional)
See /alert::POST for parameters.
Example Response
DELETE - Deletes the Alert associated with {id}, depending on access and permissions.
Request Parameters
None
Example Response
{ "type" : "regular", "response" : "1", "error_code" : 0, "error_msg" : "", "warnings" : [], "timestamp" : 1401911117 }
/alert/{id}/execute
Methods
POST - Executes the Alert associated with {id}, depending on access and permissions.
Request Parameters
None
Example Response
{ "type" : "regular", "response" : { "id" : "1", "name" : "Test Alert 1", "description" : "All Action Types, vuln query", "triggerName" : "sumip", "triggerOperator" : "=", "triggerValue" : "1000", "modifiedTime" : "1424812161", "createdTime" : "1424812161", "lastTriggered" : "0", "lastEvaluated" : "0", "executeOnEveryTrigger" : "false", "didTriggerLastEvaluation" : "false", "status" : "0", "action" : [ { "id" : "1", "type" : "email", "definition" : { "subject" : "Test Email Action", "message" : "", "addresses" : "", "users" : [ { "id" : "1", "username" : "head", "firstname" : "Security Manager", "lastname" : "", "uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104" } ], "includeResults" : "true" }, "objectID" : "-1", "status" : "0", "subject" : "Test Email Action", "message" : "", "addresses" : "", "users" : [ { "id" : "1", "username" : "head", "firstname" : "Security Manager", "lastname" : "", "uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104" } ], "includeResults" : "true" }, { "id" : "2", "type" : "notification", "definition" : { "message" : "Test Notification Action", "users" : [ { "id" : "1", "username" : "head", "firstname" : "Security Manager", "lastname" : "", "uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104" } ] }, "objectID" : "-1", "status" : "0", "message" : "Test Notification Action", "users" : [ { "id" : "1", "username" : "head", "firstname" : "Security Manager", "lastname" : "", "uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104" } ] }, { "id" : "3", "type" : "report", "definition" : { "report" : { "id" : "11" } }, "objectID" : "11", "status" : "0", "report" : { "id" : "11" }, "users" : [] }, { "id" : "4", "type" : "scan", "definition" : { "scan" : { "id" : "60", "name" : "Test Scan", "description" : "Used for Alert - needs to be default template schedule", "type" : "policy", "uuid" : "29F2B9E1-ADE9-4550-B63C-CEA1423E52FC" } }, "objectID" : "60", "status" : "0", "users" : [] }, { "id" : "5", "type" : "syslog", "definition" : { "host" : "127.0.0.1", "port" : "22", 
"message" : "127.0.0.1 port 22", "severity" : { "id" : -1, "name" : "", "description" : "" } }, "objectID" : "-1", "status" : "0", "host" : "127.0.0.1", "port" : "22", "message" : "127.0.0.1 port 22", "severity" : { "id" : -1, "name" : "", "description" : "" }, "users" : [] }, { "id" : "6", "type" : "ticket", "definition" : { "assignee" : { "id" : "1", "username" : "head", "firstname" : "Security Manager", "lastname" : "", "uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104" }, "name" : "", "description" : "", "notes" : "" }, "objectID" : "-1", "status" : "0", "name" : "", "description" : "", "notes" : "", "users" : [] } ], "schedule" : { "type" : "never", "start" : "", "repeatRule" : "" }, "query" : { "id" : "2" }, "canUse" : "true", "canManage" : "true", "owner" : { "id" : "1", "username" : "head", "firstname" : "Security Manager", "lastname" : "", "uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104" }, "ownerGroup" : { "id" : "0", "name" : "Full Access", "description" : "Full Access group" } }, "error_code" : 0, "error_msg" : "", "warnings" : [], "timestamp" : 1424975475 }