Scheduled Rules
REST API operations for Scheduled Rules
Overview
Use these API operations to interact with Scheduled Rules in Panther.
To call the API, see the How to use the Panther REST API instructions—including directions for how to invoke it directly from this documentation page.
Required permissions
For
GEToperations, your API token must have theView Rulespermission.For
POST,PUT, andDELETEoperations, your API token must have theManage Rulespermission.
Operations
set this field to false to exclude running tests prior to saving
trueset this field to true if you want to run tests without saving
falseThe python body of the scheduled rule
The amount of time in minutes for grouping alerts
60The description of the scheduled rule
The display name of the scheduled rule
Determines whether or not the scheduled rule is active
The id of the scheduled rule
Determines if the scheduled rule is managed by panther
How to handle the generated alert
the queries that this scheduled rule utilizes
A list of fields in the event to create top 5 summaries for
The tags for the scheduled rule
the number of events that must match before an alert is triggered
1POST /scheduled-rules HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 403
{
"body": "text",
"dedupPeriodMinutes": 60,
"description": "text",
"displayName": "text",
"enabled": true,
"id": "text",
"managed": true,
"reports": {
"ANY_ADDITIONAL_PROPERTY": [
"text"
]
},
"runbook": "text",
"scheduledQueries": [
"text"
],
"severity": "INFO",
"summaryAttributes": [
"text"
],
"tags": [
"text"
],
"tests": [
{
"expectedResult": true,
"mocks": [
{
"ANY_ADDITIONAL_PROPERTY": "text"
}
],
"name": "text",
"resource": "text"
}
],
"threshold": 1
}{
"body": "text",
"createdAt": "text",
"dedupPeriodMinutes": 60,
"description": "text",
"displayName": "text",
"enabled": true,
"id": "text",
"lastModified": "text",
"managed": true,
"reports": {
"ANY_ADDITIONAL_PROPERTY": [
"text"
]
},
"runbook": "text",
"scheduledQueries": [
"text"
],
"severity": "INFO",
"summaryAttributes": [
"text"
],
"tags": [
"text"
],
"tests": [
{
"expectedResult": true,
"mocks": [
{
"ANY_ADDITIONAL_PROPERTY": "text"
}
],
"name": "text",
"resource": "text"
}
],
"threshold": 1
}ID of the rule to fetch
GET /scheduled-rules/{id} HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Accept: */*
{
"body": "text",
"createdAt": "text",
"dedupPeriodMinutes": 60,
"description": "text",
"displayName": "text",
"enabled": true,
"id": "text",
"lastModified": "text",
"managed": true,
"reports": {
"ANY_ADDITIONAL_PROPERTY": [
"text"
]
},
"runbook": "text",
"scheduledQueries": [
"text"
],
"severity": "INFO",
"summaryAttributes": [
"text"
],
"tags": [
"text"
],
"tests": [
{
"expectedResult": true,
"mocks": [
{
"ANY_ADDITIONAL_PROPERTY": "text"
}
],
"name": "text",
"resource": "text"
}
],
"threshold": 1
}put creates or updates a scheduled rule
the id of the scheduled rule
set this field to false to exclude running tests prior to saving
trueset this field to true if you want to run tests without saving
falseThe python body of the scheduled rule
The amount of time in minutes for grouping alerts
60The description of the scheduled rule
The display name of the scheduled rule
Determines whether or not the scheduled rule is active
The id of the scheduled rule
Determines if the scheduled rule is managed by panther
How to handle the generated alert
the queries that this scheduled rule utilizes
A list of fields in the event to create top 5 summaries for
The tags for the scheduled rule
the number of events that must match before an alert is triggered
1PUT /scheduled-rules/{id} HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 403
{
"body": "text",
"dedupPeriodMinutes": 60,
"description": "text",
"displayName": "text",
"enabled": true,
"id": "text",
"managed": true,
"reports": {
"ANY_ADDITIONAL_PROPERTY": [
"text"
]
},
"runbook": "text",
"scheduledQueries": [
"text"
],
"severity": "INFO",
"summaryAttributes": [
"text"
],
"tags": [
"text"
],
"tests": [
{
"expectedResult": true,
"mocks": [
{
"ANY_ADDITIONAL_PROPERTY": "text"
}
],
"name": "text",
"resource": "text"
}
],
"threshold": 1
}{
"body": "text",
"createdAt": "text",
"dedupPeriodMinutes": 60,
"description": "text",
"displayName": "text",
"enabled": true,
"id": "text",
"lastModified": "text",
"managed": true,
"reports": {
"ANY_ADDITIONAL_PROPERTY": [
"text"
]
},
"runbook": "text",
"scheduledQueries": [
"text"
],
"severity": "INFO",
"summaryAttributes": [
"text"
],
"tags": [
"text"
],
"tests": [
{
"expectedResult": true,
"mocks": [
{
"ANY_ADDITIONAL_PROPERTY": "text"
}
],
"name": "text",
"resource": "text"
}
],
"threshold": 1
}ID of the rule to delete
DELETE /scheduled-rules/{id} HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Accept: */*
No content
the pagination token
the maximum results to return
100GET /scheduled-rules HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Accept: */*
OK response.
{
"next": "text",
"results": [
{
"body": "text",
"createdAt": "text",
"dedupPeriodMinutes": 60,
"description": "text",
"displayName": "text",
"enabled": true,
"id": "text",
"lastModified": "text",
"managed": true,
"reports": {
"ANY_ADDITIONAL_PROPERTY": [
"text"
]
},
"runbook": "text",
"scheduledQueries": [
"text"
],
"severity": "INFO",
"summaryAttributes": [
"text"
],
"tags": [
"text"
],
"tests": [
{
"expectedResult": true,
"mocks": [
{
"ANY_ADDITIONAL_PROPERTY": "text"
}
],
"name": "text",
"resource": "text"
}
],
"threshold": 1
}
]
}Last updated
Was this helpful?