|
305 | 305 | print(get_alert_rule_details_r) |
306 | 306 |
|
307 | 307 | # create_alert_rule |
308 | | -# polling_interval can be DISABLED, THIRTY_MINUTES, ONE_HOUR, FOUR_HOURS, EIGHT_HOURS, TWELVE_HOURS, ONE_DAY, and ONE_WEEK |
| 308 | +# polling_interval can be DISABLED, THIRTY_MINUTES, ONE_HOUR, FOUR_HOURS, EIGHT_HOURS, TWELVE_HOURS, ONE_DAY, or ONE_WEEK |
| 309 | +# severity can be INFO, LOW, MEDIUM, HIGH, or CRITICAL |
309 | 310 | webhook_token = "<SECRET>" |
310 | 311 |
|
311 | 312 | webhook_action_config = { |
|
346 | 347 | print(delete_alert_rule_r) |
347 | 348 |
|
348 | 349 | # update_alert_rule |
349 | | -update_alert_rule_r = j1.update_alert_rule(rule_id="<GUID>", |
350 | | - j1ql="find jupiterone_user as i return i._key", |
| 350 | +alert_rule_config_alert = [ |
| 351 | + { |
| 352 | + "type": "CREATE_ALERT" |
| 353 | + } |
| 354 | +] |
| 355 | + |
| 356 | +alert_rule_config_tag = [ |
| 357 | + { |
| 358 | + "type": "TAG_ENTITIES", |
| 359 | + "entities": "{{queries.query0.data}}", |
| 360 | + "tags": [ |
| 361 | + { |
| 362 | + "name": "tagName", |
| 363 | + "value": "tagValue" |
| 364 | + } |
| 365 | + ] |
| 366 | + } |
| 367 | +] |
| 368 | + |
| 369 | +alert_rule_config_webhook = [ |
| 370 | + { |
| 371 | + "type": "WEBHOOK", |
| 372 | + "endpoint": "https://webhook.example", |
| 373 | + "headers": { |
| 374 | + "Authorization": "Bearer <TOKEN>" |
| 375 | + }, |
| 376 | + "method": "POST", |
| 377 | + "body": { |
| 378 | + "queryData": "{{queries.query0.data}}" |
| 379 | + } |
| 380 | + } |
| 381 | +] |
| 382 | + |
| 383 | +alert_rule_config_multiple = [ |
| 384 | + { |
| 385 | + "type": "WEBHOOK", |
| 386 | + "endpoint": "https://webhook.example", |
| 387 | + "headers": { |
| 388 | + "Authorization": "Bearer <TOKEN>" |
| 389 | + }, |
| 390 | + "method": "POST", |
| 391 | + "body": { |
| 392 | + "queryData": "{{queries.query0.data}}" |
| 393 | + } |
| 394 | + }, |
| 395 | + { |
| 396 | + "type": "TAG_ENTITIES", |
| 397 | + "entities": "{{queries.query0.data}}", |
| 398 | + "tags": [ |
| 399 | + { |
| 400 | + "name": "tagName", |
| 401 | + "value": "tagValue" |
| 402 | + } |
| 403 | + ] |
| 404 | + } |
| 405 | +] |
| 406 | + |
| 407 | +# tag_op can be OVERWRITE or APPEND |
| 408 | +# severity can be INFO, LOW, MEDIUM, HIGH, or CRITICAL |
| 409 | +# action_configs_op can be OVERWRITE or APPEND |
| 410 | + |
| 411 | +update_alert_rule_r = j1.update_alert_rule(rule_id="GUID>", |
| 412 | + name="Updated Alert Rule Name", |
| 413 | + description="Updated Alert Rule Description", |
| 414 | + j1ql="find jupiterone_user", |
351 | 415 | polling_interval="ONE_WEEK", |
352 | | - tags=['new_tag1', 'new_tag2']) |
| 416 | + tags=['tag1', 'tag2', 'tag3'], |
| 417 | + tag_op="OVERWRITE", |
| 418 | + severity="INFO", |
| 419 | + action_configs=alert_rule_config_tag, |
| 420 | + action_configs_op="OVERWRITE") |
353 | 421 | print("update_alert_rule()") |
354 | 422 | print(json.dumps(update_alert_rule_r, indent=1)) |
355 | 423 |
|
|
359 | 427 | print(json.dumps(evaluate_alert_rule_r, indent=1)) |
360 | 428 |
|
361 | 429 |
|
| 430 | + |
| 431 | + |