Scheduled Rules
REST API operations for Scheduled Rules
Overview
Use these API operations to interact with Scheduled Rules in Panther.
To call the API, see the How to use the Panther REST API instructions—including directions for how to invoke it directly from this documentation page.
Required permissions
For GET operations, your API token must have the View Rules permission.
For POST, PUT, and DELETE operations, your API token must have the Manage Rules permission.
Operations
Set this field to false to exclude running tests prior to saving (default: true)
Set this field to true if you want to run tests without saving (default: false)
body: The Python body of the scheduled rule
dedupPeriodMinutes: The amount of time in minutes for grouping alerts (default: 60)
description: The description of the scheduled rule
displayName: The display name of the scheduled rule
enabled: Determines whether or not the scheduled rule is active
id: The id of the scheduled rule
managed: Determines if the scheduled rule is managed by Panther
runbook: How to handle the generated alert
scheduledQueries: The queries that this scheduled rule utilizes
summaryAttributes: A list of fields in the event to create top 5 summaries for
tags: The tags for the scheduled rule
threshold: The number of events that must match before an alert is triggered (default: 1)
POST /scheduled-rules HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 403

{
  "body": "text",
  "dedupPeriodMinutes": 60,
  "description": "text",
  "displayName": "text",
  "enabled": true,
  "id": "text",
  "managed": true,
  "reports": {
    "ANY_ADDITIONAL_PROPERTY": [
      "text"
    ]
  },
  "runbook": "text",
  "scheduledQueries": [
    "text"
  ],
  "severity": "INFO",
  "summaryAttributes": [
    "text"
  ],
  "tags": [
    "text"
  ],
  "tests": [
    {
      "expectedResult": true,
      "mocks": [
        {
          "ANY_ADDITIONAL_PROPERTY": "text"
        }
      ],
      "name": "text",
      "resource": "text"
    }
  ],
  "threshold": 1
}

{
  "body": "text",
  "createdAt": "text",
  "dedupPeriodMinutes": 60,
  "description": "text",
  "displayName": "text",
  "enabled": true,
  "id": "text",
  "lastModified": "text",
  "managed": true,
  "reports": {
    "ANY_ADDITIONAL_PROPERTY": [
      "text"
    ]
  },
  "runbook": "text",
  "scheduledQueries": [
    "text"
  ],
  "severity": "INFO",
  "summaryAttributes": [
    "text"
  ],
  "tags": [
    "text"
  ],
  "tests": [
    {
      "expectedResult": true,
      "mocks": [
        {
          "ANY_ADDITIONAL_PROPERTY": "text"
        }
      ],
      "name": "text",
      "resource": "text"
    }
  ],
  "threshold": 1
}

ID of the rule to fetch
GET /scheduled-rules/{id} HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Accept: */*

{
  "body": "text",
  "createdAt": "text",
  "dedupPeriodMinutes": 60,
  "description": "text",
  "displayName": "text",
  "enabled": true,
  "id": "text",
  "lastModified": "text",
  "managed": true,
  "reports": {
    "ANY_ADDITIONAL_PROPERTY": [
      "text"
    ]
  },
  "runbook": "text",
  "scheduledQueries": [
    "text"
  ],
  "severity": "INFO",
  "summaryAttributes": [
    "text"
  ],
  "tags": [
    "text"
  ],
  "tests": [
    {
      "expectedResult": true,
      "mocks": [
        {
          "ANY_ADDITIONAL_PROPERTY": "text"
        }
      ],
      "name": "text",
      "resource": "text"
    }
  ],
  "threshold": 1
}

PUT creates or updates a scheduled rule
{id}: The id of the scheduled rule
Set this field to false to exclude running tests prior to saving (default: true)
Set this field to true if you want to run tests without saving (default: false)
body: The Python body of the scheduled rule
dedupPeriodMinutes: The amount of time in minutes for grouping alerts (default: 60)
description: The description of the scheduled rule
displayName: The display name of the scheduled rule
enabled: Determines whether or not the scheduled rule is active
id: The id of the scheduled rule
managed: Determines if the scheduled rule is managed by Panther
runbook: How to handle the generated alert
scheduledQueries: The queries that this scheduled rule utilizes
summaryAttributes: A list of fields in the event to create top 5 summaries for
tags: The tags for the scheduled rule
threshold: The number of events that must match before an alert is triggered (default: 1)
PUT /scheduled-rules/{id} HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 403

{
  "body": "text",
  "dedupPeriodMinutes": 60,
  "description": "text",
  "displayName": "text",
  "enabled": true,
  "id": "text",
  "managed": true,
  "reports": {
    "ANY_ADDITIONAL_PROPERTY": [
      "text"
    ]
  },
  "runbook": "text",
  "scheduledQueries": [
    "text"
  ],
  "severity": "INFO",
  "summaryAttributes": [
    "text"
  ],
  "tags": [
    "text"
  ],
  "tests": [
    {
      "expectedResult": true,
      "mocks": [
        {
          "ANY_ADDITIONAL_PROPERTY": "text"
        }
      ],
      "name": "text",
      "resource": "text"
    }
  ],
  "threshold": 1
}

{
  "body": "text",
  "createdAt": "text",
  "dedupPeriodMinutes": 60,
  "description": "text",
  "displayName": "text",
  "enabled": true,
  "id": "text",
  "lastModified": "text",
  "managed": true,
  "reports": {
    "ANY_ADDITIONAL_PROPERTY": [
      "text"
    ]
  },
  "runbook": "text",
  "scheduledQueries": [
    "text"
  ],
  "severity": "INFO",
  "summaryAttributes": [
    "text"
  ],
  "tags": [
    "text"
  ],
  "tests": [
    {
      "expectedResult": true,
      "mocks": [
        {
          "ANY_ADDITIONAL_PROPERTY": "text"
        }
      ],
      "name": "text",
      "resource": "text"
    }
  ],
  "threshold": 1
}

ID of the rule to delete
DELETE /scheduled-rules/{id} HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Accept: */*
No content
The pagination token
The maximum results to return (default: 100)
GET /scheduled-rules HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Accept: */*
OK response.
{
  "next": "text",
  "results": [
    {
      "body": "text",
      "createdAt": "text",
      "dedupPeriodMinutes": 60,
      "description": "text",
      "displayName": "text",
      "enabled": true,
      "id": "text",
      "lastModified": "text",
      "managed": true,
      "reports": {
        "ANY_ADDITIONAL_PROPERTY": [
          "text"
        ]
      },
      "runbook": "text",
      "scheduledQueries": [
        "text"
      ],
      "severity": "INFO",
      "summaryAttributes": [
        "text"
      ],
      "tags": [
        "text"
      ],
      "tests": [
        {
          "expectedResult": true,
          "mocks": [
            {
              "ANY_ADDITIONAL_PROPERTY": "text"
            }
          ],
          "name": "text",
          "resource": "text"
        }
      ],
      "threshold": 1
    }
  ]
}
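
The list operation above returns one page at a time, so an inventory of scheduled rules has to follow the "next" token to the end. The following is an added example, not code from Panther or from this page: it walks every page and flags enabled rules that have no tests or no scheduled query. The query parameter names cursor and limit, the https scheme, and the two audit criteria are assumptions; the sample pages are constructed.

```python
import json
import urllib.parse
import urllib.request

def http_fetcher(api_host, api_key, limit=100):
    """Build fetch_page(token) for GET /scheduled-rules. ASSUMPTION: the query
    parameters are named 'cursor' and 'limit'; the page does not name them."""
    def fetch_page(token):
        params = {"limit": limit, **({"cursor": token} if token else {})}
        url = f"https://{api_host}/scheduled-rules?{urllib.parse.urlencode(params)}"
        req = urllib.request.Request(url, headers={"X-API-Key": api_key})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return fetch_page

def iter_rules(fetch_page, max_pages=1000):
    """Yield every rule, following 'next' until it is empty; refuse to loop forever."""
    token, seen = None, set()
    for _ in range(max_pages):
        page = fetch_page(token)
        yield from page.get("results", [])
        token = page.get("next")
        if not token:
            return
        if token in seen:
            raise RuntimeError("pagination token repeated")
        seen.add(token)
    raise RuntimeError("max_pages exceeded")

def audit(rules):
    """Return (rule id, finding) pairs for rule states worth a review."""
    findings = []
    for r in rules:
        rid, on = r.get("id", "<no id>"), bool(r.get("enabled"))
        if on and not r.get("tests"):
            findings.append((rid, "enabled without unit tests"))
        if on and not r.get("scheduledQueries"):
            findings.append((rid, "enabled but no scheduled query attached"))
    return findings

# Constructed sample pages keyed by the token that requests them (not real API output).
SAMPLE_PAGES = {
    None: {"next": "p2", "results": [
        {"id": "Sched.A", "enabled": True, "tests": [], "scheduledQueries": ["q1"]},
        {"id": "Sched.B", "enabled": True, "tests": [{"name": "t"}], "scheduledQueries": ["q2"]}]},
    "p2": {"next": "", "results": [
        {"id": "Sched.C", "enabled": True, "tests": [{"name": "t"}], "scheduledQueries": []}]},
}
```

Against a live instance, pass http_fetcher(host, key) to iter_rules in place of the sample lookup; because only GET is used, a token with the View Rules permission is sufficient.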