search
Knowledge BaseRelease NotesRequest Demo

예약된 룰

예약된 룰에 대한 REST API 작업

hashtag
개요

이러한 API 작업을 사용하여 상호작용합니다 스케줄된 룰 Panther에서.

API를 호출하려면, 다음을 참조하세요 Panther REST API 사용 방법 지침—포함하여 이 문서 페이지에서 직접 호출하는 방법에 대한 지침.

hashtag
필수 권한

  • 에 대해 GET 작업의 경우, API 토큰에는 룰 보기 권한이 있어야 합니다.

  • 에 대해 POST, PUT그리고 DELETE 작업의 경우, API 토큰에는 룰 관리 권한이 있어야 합니다.

hashtag
작업

circle-info

아래 API 엔드포인트는 스케줄된 룰 전용입니다. 다른 디텍션 유형과 상호작용하려면 해당 페이지를 참조하세요: 파이썬 기반 룰arrow-up-right, 간단한 디텍션arrow-up-right그리고 클라우드 정책arrow-up-right.

hashtag
create scheduled rule

post
Authorizations
X-API-KeystringRequired
Query parameters
run-tests-firstbooleanOptional

set this field to false to exclude running tests prior to saving

Default: true
run-tests-onlybooleanOptional

set this field to true if you want to run tests without saving

Default: false
Body
bodystringRequired

The python body of the scheduled rule

dedupPeriodMinutesinteger · int64 · min: 1Optional

The amount of time in minutes for grouping alerts

Default: 60
descriptionstringOptional

The description of the scheduled rule

displayNamestringOptional

The display name of the scheduled rule

enabledbooleanOptional

Determines whether or not the scheduled rule is active

idstringRequired

The id of the scheduled rule

managedbooleanOptional

Determines if the scheduled rule is managed by panther

outputIDsstring[]Optional

Destination IDs that override default alert routing based on severity

runbookstringOptional

How to handle the generated alert

scheduledQueriesstring[]Optional

the queries that this scheduled rule utilizes

severitystring · enumRequiredPossible values:
summaryAttributesstring[]Optional

A list of fields in the event to create top 5 summaries for

tagsstring[]Optional

The tags for the scheduled rule

thresholdinteger · int64 · min: 1Optional

the number of events that must match before an alert is triggered

Default: 1
Responses
chevron-right
200

OK response.

application/json
post
/scheduled-rules

hashtag
get scheduled rule

get
Authorizations
X-API-KeystringRequired
Path parameters
idstringRequired

ID of the rule to fetch

Responses
chevron-right
200

OK response.

application/json
get
/scheduled-rules/{id}

hashtag
put scheduled rule

put

put creates or updates a scheduled rule

Authorizations
X-API-KeystringRequired
Path parameters
idstringRequired

the id of the scheduled rule

Query parameters
run-tests-firstbooleanOptional

set this field to false to exclude running tests prior to saving

Default: true
run-tests-onlybooleanOptional

set this field to true if you want to run tests without saving

Default: false
Body
bodystringRequired

The python body of the scheduled rule

dedupPeriodMinutesinteger · int64 · min: 1Optional

The amount of time in minutes for grouping alerts

Default: 60
descriptionstringOptional

The description of the scheduled rule

displayNamestringOptional

The display name of the scheduled rule

enabledbooleanOptional

Determines whether or not the scheduled rule is active

idstringRequired

The id of the scheduled rule

managedbooleanOptional

Determines if the scheduled rule is managed by panther

outputIDsstring[]Optional

Destination IDs that override default alert routing based on severity

runbookstringOptional

How to handle the generated alert

scheduledQueriesstring[]Optional

the queries that this scheduled rule utilizes

severitystring · enumRequiredPossible values:
summaryAttributesstring[]Optional

A list of fields in the event to create top 5 summaries for

tagsstring[]Optional

The tags for the scheduled rule

thresholdinteger · int64 · min: 1Optional

the number of events that must match before an alert is triggered

Default: 1
Responses
chevron-right
200

200 returned if the item already existed

application/json
put
/scheduled-rules/{id}

hashtag
delete scheduled rule

delete
Authorizations
X-API-KeystringRequired
Path parameters
idstringRequired

ID of the rule to delete

Responses
delete
/scheduled-rules/{id}
No content

hashtag
list scheduled rules

get
Authorizations
X-API-KeystringRequired
Query parameters
cursorstringOptional

the pagination token

limitinteger · int64Optional

the maximum results to return

Default: 100
name-containsstringOptional

Substring search by name (case-insensitive)

statestring · enumOptional

Only include rules in the given state

Possible values:
scheduled-querystring[]Optional

Only include rules which apply to one of these scheduled queries

tagstring[]Optional

Only include rules with one of the given tags (case-insensitive)

created-bystringOptional

Only include rules whose creator matches this user ID or actor ID

last-modified-bystringOptional

Only include rules last modified by this user ID or actor ID

Responses
chevron-right
200

OK response.

application/json
get
/scheduled-rules
200

OK response.

이전다음단순 룰

마지막 업데이트

도움이 되었나요?