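Alerts

REST API operations for alerts

Overview

Use these API operations to interact with alerts in Panther.

To call the API, see the How to use the Panther REST API instructions, which include directions for invoking the API directly from this documentation page.

Required permissions

  • For GET operations, the API token must have the Read Alerts permission.

  • For PATCH operations, the API token must have the Manage Alerts permission.

Operations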

Get an alert

get
Authorizations
X-API-Key · string · Required
Path parameters
id · string · Required

ID of the alert

Responses
200

OK response.

application/json
context · any · Optional

The context of this alert

contextTags · string[] · max: 10 · Optional

The context tags for the alert

createdAt · string · Optional

Date and time when the alert got created

eventCount · integer · int64 · Optional

The number of events that have been received for this alert

firstEventOccurredAt · string · Optional

Date and time of this alert's first event

id · string · Required

The unique identifier of this alert

lastReceivedEventAt · string · Optional

Date and time that the last event related to this alert was received

quality · string · enum · Optional

The quality of this Alert

Possible values:

runbook · string · Optional

The runbook for this Alert, as extracted from its origin

severity · string · enum · Optional

The severity of this Alert

Possible values:

status · string · enum · Required

The status of this Alert

Possible values:

title · string · Optional

The title of this alert

type · string · Required

The type of this alert

GET /alerts/{id}

Update the status, assignee, quality or contextTags of an alert

patch
Authorizations
X-API-Key · string · Required
Path parameters
id · string · Required

ID of the alert

Body
assignee · string · Optional

The ID of the assignee for this alert

contextTags · string[] · max: 10 · Optional

The context tags for the alert

quality · string · enum · Optional

The quality of this Alert

Possible values:

status · string · enum · Optional

The status of this Alert

Possible values:
Responses
200

OK response.

No content

PATCH /alerts/{id}

No content

List alerts

get
Authorizations
X-API-Key · string · Required
Query parameters
type · string · enum · Optional
Default: ALERT
Possible values:

cursor · string · Optional

The pagination token

limit · integer · int64 · max: 50 · Optional

The maximum results to return

Default: 25

created-after · string · Optional

The date and time after which the alerts were created. If empty we default to 30 days ago

Example: 1672531200

created-before · string · Optional

The date and time before which the alerts were created. If empty we default to the current time

Example: 1672531200

detection-id · string · Optional

The detection ID to filter alerts by

sort-dir · string · enum · Optional

The sort direction of the results

Default: desc
Possible values:

name-contains · string · Optional

A string to search for in the alert name

log-source · string[] · Optional

The log source of the alert

log-type · string[] · Optional

The log type of the alert

resource-type · string[] · Optional

The resource type of the alert

assignee · string[] · Optional

The assignee of the alert. This should be a user id

event-count-min · integer · int64 · Optional

The minimum number of events in the alert

event-count-max · integer · int64 · Optional

The maximum number of events in the alert

context-tag · string[] · Optional

Filter by context tags applied to alerts

Responses
200

OK response.

application/json
next · string · Optional

Pagination token for the next page of results

GET /alerts
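
Added example (not part of the Panther documentation): cursor pagination over GET /alerts in Python, feeding each response's next token back as cursor and enforcing the documented limit cap of 50. The base URL is a placeholder, and two details are assumptions not stated on this page: that alerts arrive in a "results" array beside "next", and that string[] filters are sent as repeated query keys.

```python
import json
import urllib.parse
import urllib.request

MAX_LIMIT = 50  # the page caps limit at 50 (default 25)


def build_list_url(base_url, cursor=None, limit=25, **filters):
    """Build a GET /alerts URL; detection_id=... becomes detection-id=..."""
    if not 1 <= limit <= MAX_LIMIT:
        raise ValueError(f"limit must be between 1 and {MAX_LIMIT}")
    params = [("limit", str(limit))]
    if cursor:
        params.append(("cursor", cursor))
    for name, value in filters.items():
        values = value if isinstance(value, (list, tuple)) else [value]
        # Assumption: string[] filters are sent as repeated query keys.
        params.extend((name.replace("_", "-"), str(v)) for v in values)
    return f"{base_url.rstrip('/')}/alerts?{urllib.parse.urlencode(params)}"


def http_get(url, api_key):
    """Send the request with the X-API-Key header the page requires."""
    req = urllib.request.Request(url, headers={"X-API-Key": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def iter_alerts(base_url, api_key, fetch=http_get, **filters):
    """Yield alerts from every page, following next until it is absent."""
    cursor, seen = None, set()
    while True:
        page = fetch(build_list_url(base_url, cursor=cursor, **filters), api_key)
        # Assumption: alerts arrive in a "results" array beside "next".
        yield from page.get("results", [])
        cursor = page.get("next")
        if not cursor or cursor in seen:  # last page, or a repeated token
            return
        seen.add(cursor)


# Constructed two-page response, so the loop can be exercised offline.
SAMPLE_PAGES = {None: {"results": [{"id": "a1"}, {"id": "a2"}], "next": "tok1"},
                "tok1": {"results": [{"id": "a3"}]}}


def sample_fetch(url, api_key):
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    return SAMPLE_PAGES[query.get("cursor", [None])[0]]


if __name__ == "__main__":
    base = "https://panther.example.invalid"  # placeholder base URL
    print([a["id"] for a in iter_alerts(base, "PLACEHOLDER", fetch=sample_fetch, limit=2)])
```

Leaving fetch at its default sends real requests; the token used only needs the Read Alerts permission for this call.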

Update the status, assignee, quality or contextTags of multiple alerts

patch
Authorizations
X-API-Key · string · Required
Body
assignee · string · Optional

The ID of the assignee for this alert

contextTags · string[] · max: 10 · Optional

The context tags for the alert

ids · string[] · Required

The IDs of the alerts to patch

quality · string · enum · Optional

The quality of this Alert

Possible values:

status · string · enum · Optional

The status of this Alert

Possible values:

Responses
PATCH /alerts

No content

List alert events

get
Authorizations
X-API-Key · string · Required
Path parameters
id · string · Required

The alert id

Query parameters
cursor · string · Optional

The pagination token

limit · integer · int64 · max: 50 · Optional

The maximum results to return

Default: 25
Responses
200

OK response.

application/json
next · string · Optional

Pagination token for the next page of results

GET /alerts/{id}/events
