Alert Management APIs
Get Alerts (GET)
Returns all alerts.
Route
| URI | /api/v1/alert |
| Method | GET |
| Result | JSON – Array of AlertModel |
Parameters
None
Example
GET http://localhost/api/v1/alert
[
  {
    "$type": "pn.alert.definitions.AlertDefinition, libAlertInterfaces",
    "id": "0d1e3e35-cc83-472b-aeda-e6c903920d66",
    "author": {
      "Type": "LightAccountObject",
      "accountId": {
        "ssf": "sid:///S-1-0-0"
      },
      "displayName": "sid:///S-1-0-0",
      "id": "f4bb9df5-6203-4679-9582-23dfe79d5fcc"
    },
    "name": "Changes in directory for Enroll",
    "observedResources": [
      {
        "$type": "pn.alert.fasels.AlertableResource, libAlertInterfaces",
        "resourceType": 2,
        "path": "\\\\b-d01\\Enroll",
        "providerName": "b-dc01",
        "displayName": "Enroll",
        "uniqueObjectKey": "\\\\b-d01\\Enroll",
        "resourceAddress": "path://b-d01/fs/%5C%5Cb-d01%5CEnroll?class=Share"
      }
    ],
    "severity": 0,
    "eventDefinition": {
      "$type": "pn.alert.definitions.events.fileSystem.FileSystemDirectoryChangeEventDefinition, libAlertInterfaces",
      "eventType": {
        "$type": "pn.alert.enums.AlertEventType, libAlertInterfaces",
        "id": "d91e08d6-74de-4e40-a539-29bebd4e0e77"
      },
      "displayName": "Changes in directory",
      "investigationDepth": 2,
      "id": "2c1d7854-f0f3-4f68-a5af-0d4faecadf99",
      "resourceType": 2,
      "hasCustomizableSettings": true,
      "observedFileSystemChanges": 20,
      "blacklistAccounts": [],
      "blacklistDirectories": []
    },
    "actionDefinitions": [
      {
        "$type": "pn.alert.definitions.actions.AlertActionWriteEventLogDefinition, libAlertInterfaces",
        "displayName": "Write to Windows event log",
        "type": 1,
        "culture": "en-US",
        "timeZone": {
          "$type": "System.TimeZoneInfo, mscorlib",
          "Id": "UTC",
          "DisplayName": "UTC",
          "StandardName": "UTC",
          "DaylightName": "UTC",
          "BaseUtcOffset": "00:00:00",
          "AdjustmentRules": null,
          "SupportsDaylightSavingTime": false
        }
      }
    ],
    "filterDefinitions": [
      {
        "$type": "pn.alert.definitions.filters.treshhold.ThresholdDefinition, libAlertInterfaces",
        "configurationId": "7544c46b-8fa9-4384-b14c-95e77e4676ad",
        "isActive": false,
        "filterType": 0,
        "countOfEvents": 1,
        "eventSimilarities": 1,
        "maxTimeValue": 10,
        "maxTimeUnit": 0,
        "minTimeValue": 0,
        "minTimeUnit": 0
      }
    ],
    "isActive": true,
    "alertState": 5
  },
  …
]
Get Alerts By Alert ID (GET)
Returns specific alerts by their IDs.
Route
| URI | /api/v1/alert/byalertid |
| Method | GET |
| Result | JSON – Array of AlertModel |
Parameters
alertId - Comma-separated list of alert IDs
Example
GET http://localhost/api/v1/alert/byalertid?alertId=id1,id2,id3
[
  {
    "$type": "pn.alert.definitions.AlertDefinition, libAlertInterfaces",
    "id": "0d1e3e35-cc83-472b-aeda-e6c903920d6a",
    "author": {
      "Type": "LightAccountObject",
      "accountId": {
        "ssf": "sid:///S-1-0-0"
      },
      "displayName": "sid:///S-1-0-0",
      "id": "f4bb9df5-6203-4679-9582-23dfe79d5fc8"
    },
    "name": "Changes in directory for CertEnroll",
    "observedResources": [
      {
        "$type": "pn.alert.fasels.AlertableResource, libAlertInterfaces",
        "resourceType": 2,
        "path": "\\\\b-dc01\\CertEnroll",
        "providerName": "b-dc01",
        "displayName": "CertEnroll",
        "uniqueObjectKey": "\\\\b-dc01\\CertEnroll",
        "resourceAddress": "path://b-dc01/fs/%5C%5Cb-dc01%5CCertEnroll?class=Share"
      }
    ],
    "severity": 0,
    "eventDefinition": {
      "$type": "pn.alert.definitions.events.fileSystem.FileSystemDirectoryChangeEventDefinition, libAlertInterfaces",
      "eventType": {
        "$type": "pn.alert.enums.AlertEventType, libAlertInterfaces",
        "id": "d91e08d6-74de-4e40-a539-29bebd4e0e79"
      },
      "displayName": "Changes in directory",
      "investigationDepth": 2,
      "id": "2c1d7854-f0f3-4f68-a5af-0d4faecadf93",
      "resourceType": 2,
      "hasCustomizableSettings": true,
      "observedFileSystemChanges": 20,
      "blacklistAccounts": [],
      "blacklistDirectories": []
    },
    "actionDefinitions": [
      {
        "$type": "pn.alert.definitions.actions.AlertActionWriteEventLogDefinition, libAlertInterfaces",
        "displayName": "Write to Windows event log",
        "type": 1,
        "culture": "en-US",
        "timeZone": {
          "$type": "System.TimeZoneInfo, mscorlib",
          "Id": "UTC",
          "DisplayName": "UTC",
          "StandardName": "UTC",
          "DaylightName": "UTC",
          "BaseUtcOffset": "00:00:00",
          "AdjustmentRules": null,
          "SupportsDaylightSavingTime": false
        }
      }
    ],
    "filterDefinitions": [
      {
        "$type": "pn.alert.definitions.filters.treshhold.ThresholdDefinition, libAlertInterfaces",
        "configurationId": "7544c46b-8fa9-4384-b14c-95e77e4676ad",
        "isActive": false,
        "filterType": 0,
        "countOfEvents": 1,
        "eventSimilarities": 1,
        "maxTimeValue": 10,
        "maxTimeUnit": 0,
        "minTimeValue": 0,
        "minTimeUnit": 0
      }
    ],
    "isActive": true,
    "alertState": 5
  },
  …
]
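Added example (not part of the original documentation or the product's own code): building the byalertid request URL from a list of IDs and reviewing the returned AlertModel array for alerts that are inactive, have no action, or carry blacklist entries. The function names, the GUID check on IDs, the choice of findings and the second sample alert are assumptions of this example.

```python
import json
import re
from urllib.parse import urlencode

GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

def byalertid_url(base_url, alert_ids):
    """Build the byalertid URL; alertId carries all IDs as one comma-separated value."""
    bad = [i for i in alert_ids if not GUID.fullmatch(i)]
    if bad:
        raise ValueError(f"not a GUID: {bad}")
    query = urlencode({"alertId": ",".join(alert_ids)}, safe=",")
    return f"{base_url.rstrip('/')}/api/v1/alert/byalertid?{query}"

def review_alerts(alerts):
    """Summarize each AlertModel and note settings worth a second look."""
    report = []
    for a in alerts:
        event = a.get("eventDefinition") or {}
        actions = [x.get("displayName") for x in a.get("actionDefinitions") or []]
        findings = []
        if not a.get("isActive"):
            findings.append("alert is not active")
        if not actions:
            findings.append("no action defined")
        if event.get("blacklistAccounts") or event.get("blacklistDirectories"):
            findings.append("blacklist entries present")
        report.append({
            "id": a.get("id"), "name": a.get("name"),
            "paths": [r.get("path") for r in a.get("observedResources") or []],
            "actions": actions, "findings": findings,
        })
    return report

# Constructed sample: first entry trimmed from the response above, second invented.
SAMPLE = json.loads(r'''[
 {"id": "0d1e3e35-cc83-472b-aeda-e6c903920d6a", "name": "Changes in directory for CertEnroll",
  "observedResources": [{"path": "\\\\b-dc01\\CertEnroll"}],
  "eventDefinition": {"blacklistAccounts": [], "blacklistDirectories": []},
  "actionDefinitions": [{"displayName": "Write to Windows event log"}], "isActive": true},
 {"id": "11111111-2222-3333-4444-555555555555", "name": "Constructed example alert",
  "observedResources": [{"path": "\\\\b-dc01\\Example"}],
  "eventDefinition": {"blacklistAccounts": ["sid:///S-1-0-0"], "blacklistDirectories": []},
  "actionDefinitions": [], "isActive": false}
]''')

if __name__ == "__main__":
    print(byalertid_url("http://localhost", [a["id"] for a in SAMPLE]))
    for row in review_alerts(SAMPLE):
        print(row)
```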
Create/Update Alert (POST)
Creates a new alert or updates an existing one.
Route
| URI | /api/v1/alert/createupdate |
| Method | POST |
| Result | JSON – AlertCreationResult |
Parameters
Body: AlertModel
Example
POST http://localhost/api/v1/alert/createupdate
Content-Type: application/json
{alert definition}
Update Alert (PUT)
Updates an existing alert.
Route
| URI | /api/v1/alert/update |
| Method | PUT |
| Result | JSON – AlertUpdateResult |
Parameters
Body: AlertModel
Example
PUT http://localhost/api/v1/alert/update
Content-Type: application/json
{alert definition}
Delete Alert (DELETE)
Removes one or more alerts.
Route
| URI | /api/v1/alert/remove |
| Method | DELETE |
| Result | JSON – AlertDeletionResult |
Parameters
alertIds - Comma-separated list of alert IDs
Example
DELETE http://localhost/api/v1/alert/remove?alertIds=id1,id2
{
  "Success": true
}
Check Alert Sensor (GET)
Checks the status of an alert sensor.
Route
|
URI |
/api/v1/alert/checksensor |
|
Method |
GET |
|
Result |
JSON – SensorStatusModel |
Parameters
{
  "displayName": "8MAN",
  "resourceType": 1,
  "uniqueObjectKey": "27a88ad0-9962-431d-b99b-afe3d99ed7a9",
  "providerName": "eng.protected-networks.local"
}
Example
GET http://localhost/api/v1/alert/checksensor
Example Response
True