
Create alert correlation policy

This endpoint is used to create an alert correlation policy.


URL

POST https://{api-url}/api/v2/tenants/{tenantId}/policies/alertCorrelation

Sample URLs

https://{api-url}/api/v2/tenants/client_7/policies/alertCorrelation
https://{api-url}/api/v2/tenants/msp_6/policies/alertCorrelation

Header format

Header          Value
Authorization   Bearer {accessToken}
Content-type    application/json
Accept          application/json

Status code

200 OK

Parameters

All parameters are mandatory unless specified otherwise.

Field                                       Data Type   Description
name                                        String      The name of the alert correlation policy.
enabled                                     String      (Optional) State of the first response policy. Default state: true.
enabledMode                                 String      (Optional) Mode for the first response policy. Options: ON, OFF, and OBSERVED
precedence                                  Number      (Optional) Order of execution.
filterCriteria                              Object      (Optional) Rule is mandatory when filterBased is specified.
filterCriteria : filterBased                String      (Optional) Rule is mandatory when filterBased is specified.
filterCriteria : matchingType               String      ANY/ALL
filterCriteria : rules
  • filterType                              String      Should be: nativeAttributes or customAttributes
  • entityName                              String      See Notes for more information.
  • operator                                String      See Notes for more information.
  • entityValue                             String      Value to compare.
  • ipMatchingConditions                    Object      See Notes for more information.
inferenceSubject                            String      (Optional) Used for the inference alert subject. Maximum of 2500 characters.
type                                        String      Policy type. Values: ALGORITHM or CO_OCCURRENCE
algorithmCorrelation                        Object      Used for algorithmCorrelation type.
algorithmCorrelation : alertsTimeWindow     Integer     (Optional) Used for algorithmCorrelation type. Default: 5 minutes
algorithmCorrelation : matchingConditions               Used for algorithmCorrelation type.
  • property                                String
  • matchType                               String
machineLearning                             Object      (Optional) Used for machine learning.
machineLearning : trainingFileID            String      (Optional) ID for the uploaded alert correlation training file.
machineLearning : matchingConditions        List        (Optional)
  • property
  • matchType

Fields for client scope partner policy

Fields are required unless specified otherwise.

Property                    Description
organizationMatchingType    Used for organization matching type. Options: ALL or INCLUDE.
includedClients             (Required if organizationMatchingType is true.) Used for client list of names.
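
The constraints in the two tables above can be checked on the client before the POST is sent. The Python below is an added example, not OpsRamp code: validate_policy and the GOOD and BAD bodies are hypothetical names, and it assumes that algorithmCorrelation is required only for type ALGORITHM and that includedClients is required when organizationMatchingType is INCLUDE (as in Sample 5).

```python
# Allowed values come from the Parameters tables on this page.
ENABLED_MODES = {"ON", "OFF", "OBSERVED"}
POLICY_TYPES = {"ALGORITHM", "CO_OCCURRENCE"}
MATCHING_TYPES = {"ANY", "ALL"}
FILTER_TYPES = {"nativeAttributes", "customAttributes"}
ORG_MATCHING_TYPES = {"ALL", "INCLUDE"}
MAX_SUBJECT_LEN = 2500

def validate_policy(body):
    """Return a list of problems in a create-policy request body (empty if none)."""
    errors = []
    if not str(body.get("name") or "").strip():
        errors.append("name: required")
    if "enabledMode" in body and body["enabledMode"] not in ENABLED_MODES:
        errors.append("enabledMode: must be ON, OFF or OBSERVED")
    if body.get("type") not in POLICY_TYPES:
        errors.append("type: must be ALGORITHM or CO_OCCURRENCE")
    # Assumption: algorithmCorrelation is mandatory only for type ALGORITHM.
    if body.get("type") == "ALGORITHM" and "algorithmCorrelation" not in body:
        errors.append("algorithmCorrelation: required for type ALGORITHM")
    if len(str(body.get("inferenceSubject") or "")) > MAX_SUBJECT_LEN:
        errors.append("inferenceSubject: exceeds 2500 characters")
    criteria = body.get("filterCriteria")
    if criteria is not None:
        if criteria.get("matchingType") not in MATCHING_TYPES:
            errors.append("filterCriteria.matchingType: must be ANY or ALL")
        rules = criteria.get("rules") or []
        if "filterBased" in criteria and not rules:
            errors.append("filterCriteria.rules: required when filterBased is set")
        for i, rule in enumerate(rules):
            if rule.get("filterType") not in FILTER_TYPES:
                errors.append(f"filterCriteria.rules[{i}].filterType: invalid value")
    org = body.get("organizationMatchingType")
    if org is not None and org not in ORG_MATCHING_TYPES:
        errors.append("organizationMatchingType: must be ALL or INCLUDE")
    # Assumption: includedClients is needed when the value is INCLUDE (see Sample 5).
    if org == "INCLUDE" and not body.get("includedClients"):
        errors.append("includedClients: required with INCLUDE")
    return errors

# Constructed inputs: a trimmed form of Sample 1, and a deliberately broken body.
GOOD = {"name": "test_algorithm_correlation_ap", "enabledMode": "ON", "type": "ALGORITHM",
        "filterCriteria": {"filterBased": "true", "matchingType": "ALL", "rules": [
            {"filterType": "nativeAttributes", "entityName": "resource_name",
             "operator": "Contains", "entityValue": "vm"}]},
        "algorithmCorrelation": {"alertsTimeWindow": "20", "matchingConditions": [
            {"property": "subject", "matchType": "Identical"}]}}
BAD = {"name": " ", "enabledMode": "MONITOR", "type": "ALGORITHM",
       "filterCriteria": {"filterBased": "true", "matchingType": "SOME", "rules": []},
       "organizationMatchingType": "INCLUDE", "inferenceSubject": "x" * 2501}
```

Calling validate_policy(GOOD) returns an empty list; validate_policy(BAD) returns one message per violated constraint, which can be logged or used to block the request.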

Sample 1 - Create alert policy with algorithm correlation

This sample creates an alert correlation policy with an algorithm correlation.

Sample request

{
"name":"test_algorithm_correlation_ap",
"enabledMode":"ON",
"filterCriteria": {
	"filterBased":"true",
	"matchingType":"ALL",
	"rules":
	[
		{
			"filterType":"nativeAttributes",
			"entityName":"resource_name",
			"operator":"Contains",
			"entityValue":"vm"
		},
		{
			"filterType":"customAttributes",
			"entityName":"test_cutom_attribute",
			"operator":"Not Contains",
			"entityValue":"a"
		}
	]
},
"type":"ALGORITHM",
"inferenceSubject":"subject-alertMetric policy",
"algorithmCorrelation": {
	"alertsTimeWindow":"20",
	"matchingConditions":[
	{
		"property":"subject",
		"matchType":"Identical"
	},
	{
		"property":"alert_metric",
		"matchType":"Identical"
	}
	]
}
}

Sample response

{
  "id" : "POLICY-AC-7556bcf6-4cc2-44ba-ba1f-3ca5a211bcb3",
  "name" : "test_algorithm_correlation_ap",
  "enabled" : true,
  "enabledMode": "ON",
  "precedence" : 29,
  "filterCriteria" : {
    "filterBased" : true,
    "matchingType" : "ALL",
    "rules" : [ {
      "filterType" : "nativeAttributes",
      "entityName" : "resource_name",
      "operator" : "Contains",
      "entityValue" : "vm"
    }, {
      "filterType" : "customAttributes",
      "entityName" : "test_cutom_attribute",
      "operator" : "Not Contains",
      "entityValue" : "a"
    } ]
  },
  "type":"ALGORITHM",
  "inferenceSubject" : "subject-alertMetric policy",
  "algorithmCorrelation" : {
    "alertsTimeWindow" : 20,
    "matchingConditions" : [ {
      "property" : "subject",
      "matchType" : "Identical"
    }, {
      "property" : "alert_metric",
      "matchType" : "Identical"
    } ]
  },
  "createdBy" : {
    "loginName" : "opsramp_api_user",
    "lastName" : " ",
    "firstName" : "OpsRamp API User",
    "email" : "admin@opsramp.com"
  },
  "createdTime" : "2017-11-27T13:14:07+0000",
  "updatedTime" : ""
}

Sample 2 - Create alert policy with co-occurrence correlation

This sample creates an alert correlation policy with a co-occurrence correlation.

Sample request

{
	"name": "test_co-occurrence_correlation_ap",
	"enabledMode":"OBSERVED",
	"filterCriteria": {
		"filterBased": "true",
		"matchingType": "ALL",
		"rules": [{
				"filterType": "nativeAttributes",
				"entityName": "resource_name",
				"operator": "Contains",
				"entityValue": "vm"
			},
			{
				"filterType": "customAttributes",
				"entityName": "test_cutom_attribute",
				"operator": "Not Contains",
				"entityValue": "a"
			}
		]
	},
	"type": "CO_OCCURRENCE",
	"machineLearning": {
		"trainingFileId": "ml_alert_correlation_training_client_9",
		"continuousLearning": false,
		"matchingConditions": [{
				"property": "resource_type",
				"matchType": "Identical"
			},
			{
				"property": "subject",
				"matchType": "Identical"
			}
		]
	}
}

Sample response

{
	"id": "POLICY-AC-1556bcf6-7cc2-44ba-ba1f-8ca5a211bcb3",
	"name": "test_co-occurrence_correlation_ap",
	"enabled": true,
	"enabledMode":"OBSERVED",
	"precedence": 30,
	"filterCriteria": {
		"filterBased": true,
		"matchingType": "ALL",
		"rules": [{
			"filterType": "nativeAttributes",
			"entityName": "resource_name",
			"operator": "Contains",
			"entityValue": "vm"
		}, {
			"filterType": "customAttributes",
			"entityName": "test_cutom_attribute",
			"operator": "Not Contains",
			"entityValue": "a"
		}]
	},
	"type": "CO_OCCURRENCE",
	"machineLearning": {
		"trainingFileId": "ml_alert_correlation_training_client_9",
		"continuousLearning": false,
		"matchingConditions": [{
				"property": "resource_type",
				"matchType": "Identical"
			},
			{
				"property": "subject",
				"matchType": "Identical"
			}
		]
	},
	"createdBy": {
		"loginName": "opsramp_api_user",
		"lastName": " ",
		"firstName": "OpsRamp API User",
		"email": "admin@opsramp.com"
	},
	"createdTime": "2017-11-27T13:14:07+0000",
	"updatedTime": ""
}

Sample 3 - Create alert policy with IP address filter

This sample creates an alert correlation policy with an IP address filter.

Sample request

{
"name":"IP policy api demo",
"type":"ALGORITHM",
"inferenceSubject":"IP policy api demo",
"filterCriteria": {
	"filterBased":"true",
	"matchingType":"ALL",
	"rules":
	[
		{
			"filterType":"nativeAttributes",
			"entityName":"ip_address",
			"ipMatchingConditions": {
				"ipAddressMatchType":"Within Range",
				"ipAddress":"192.168.5.130",
				"netmask":"255.255.255.192"
			}
		}
	]
},
"algorithmCorrelation": {
	"alertsTimeWindow":"20",
	"matchingConditions":[
	{
		"property":"resource_name",
		"matchType":"Identical"
	}
	]
}
}

Sample response

{
    "id": "POLICY-AC-e275116e-c457-47be-bd25-9eef3c1d7976",
    "name": "IP policy api demo",
    "enabled": true,
    "enabledMode": "ON",
    "precedence": 88,
    "filterCriteria": {
        "filterBased": true,
        "matchingType": "ALL",
        "rules": [
            {
                "filterType": "nativeAttributes",
                "entityName": "ip_address",
                "ipMatchingConditions": {
                    "ipAddressMatchType": "Within Range",
                    "ipAddress": "192.168.5.130",
                    "netmask": "255.255.255.192"
                }
            }
        ]
    },
    "type": "ALGORITHM",
    "inferenceSubject": "IP policy api demo",
    "algorithmCorrelation": {
        "alertsTimeWindow": 20,
        "matchingConditions": [
            {
                "property": "resource_name",
                "matchType": "Identical"
            }
        ]
    },
    "createdBy": {
        "loginName": "opsramp_api_user",
        "lastName": " ",
        "firstName": "OpsRamp API User",
        "email": "admin@opsramp.com"
    },
    "createdTime": "2018-12-28T10:42:42+0000",
    "updatedTime": ""
}

Sample 4 - Create client scope partner alert policy

This sample creates a client scope partner alert correlation policy with Algorithm Correlation and organizationMatchingType as ALL.

Sample request

{
"name":"test_algorithm_correlation_ap",
"organizationMatchingType":"ALL",
"filterCriteria": {
	"filterBased":"true",
	"matchingType":"ALL",
	"rules":
	[
		{
			"filterType":"nativeAttributes",
			"entityName":"resource_name",
			"operator":"Contains",
			"entityValue":"vm"
		},
		{
			"filterType":"customAttributes",
			"entityName":"test_cutom_attribute",
			"operator":"Not Contains",
			"entityValue":"a"
		}
	]
},
"type":"ALGORITHM",
"inferenceSubject":"subject-alertMetric policy",
"algorithmCorrelation": {
	"alertsTimeWindow":"20",
	"matchingConditions":[
	{
		"property":"subject",
		"matchType":"Identical"
	},
	{
		"property":"alert_metric",
		"matchType":"Identical"
	}
	]
}
}

Sample response

{
  "id" : "POLICY-AC-7556bcf6-4cc2-44ba-ba1f-3ca5a211bcb3",
  "name" : "test_algorithm_correlation_ap",
  "clientsIncluded" : "ALL",
  "enabled" : true,
  "enabledMode": "ON",
  "precedence" : 29,
  "filterCriteria" : {
    "filterBased" : true,
    "matchingType" : "ALL",
    "rules" : [ {
      "filterType" : "nativeAttributes",
      "entityName" : "resource_name",
      "operator" : "Contains",
      "entityValue" : "vm"
    }, {
      "filterType" : "customAttributes",
      "entityName" : "test_cutom_attribute",
      "operator" : "Not Contains",
      "entityValue" : "a"
    } ]
  },
  "type":"ALGORITHM",
  "inferenceSubject" : "subject-alertMetric policy",
  "algorithmCorrelation" : {
    "alertsTimeWindow" : 20,
    "matchingConditions" : [ {
      "property" : "subject",
      "matchType" : "Identical"
    }, {
      "property" : "alert_metric",
      "matchType" : "Identical"
    } ]
  },
  "createdBy" : {
    "loginName" : "opsramp_api_user",
    "lastName" : " ",
    "firstName" : "OpsRamp API User",
    "email" : "admin@opsramp.com"
  },
  "createdTime" : "2017-11-27T13:14:07+0000",
  "updatedTime" : ""
}

Sample 5 - Client scope partner alert policy

This sample creates a client scope partner alert correlation policy with Algorithm Correlation and organizationMatchingType as INCLUDE.

Sample request

{
"name":"test_algorithm_correlation_ap",
"organizationMatchingType":"INCLUDE",
"includedClients":[
"client_8",
"client_9"],
"filterCriteria": {
	"filterBased":"true",
	"matchingType":"ALL",
	"rules":
	[
		{
			"filterType":"nativeAttributes",
			"entityName":"resource_name",
			"operator":"Contains",
			"entityValue":"vm"
		},
		{
			"filterType":"customAttributes",
			"entityName":"test_cutom_attribute",
			"operator":"Not Contains",
			"entityValue":"a"
		}
	]
},
"type":"ALGORITHM",
"inferenceSubject":"subject-alertMetric policy",
"algorithmCorrelation": {
	"alertsTimeWindow":"20",
	"matchingConditions":[
	{
		"property":"subject",
		"matchType":"Identical"
	},
	{
		"property":"alert_metric",
		"matchType":"Identical"
	}
	]
}
}

Sample response

{
  "id" : "POLICY-AC-7556bcf6-4cc2-44ba-ba1f-3ca5a211bcb3",
  "name" : "test_algorithm_correlation_ap",
  "includedClients":[
   "client_8",
   "client_9"],
  "enabled" : true,
  "enabledMode": "ON",
  "precedence" : 29,
  "filterCriteria" : {
    "filterBased" : true,
    "matchingType" : "ALL",
    "rules" : [ {
      "filterType" : "nativeAttributes",
      "entityName" : "resource_name",
      "operator" : "Contains",
      "entityValue" : "vm"
    }, {
      "filterType" : "customAttributes",
      "entityName" : "test_cutom_attribute",
      "operator" : "Not Contains",
      "entityValue" : "a"
    } ]
  },
  "type":"ALGORITHM",
  "inferenceSubject" : "subject-alertMetric policy",
  "algorithmCorrelation" : {
    "alertsTimeWindow" : 20,
    "matchingConditions" : [ {
      "property" : "subject",
      "matchType" : "Identical"
    }, {
      "property" : "alert_metric",
      "matchType" : "Identical"
    } ]
  },
  "createdBy" : {
    "loginName" : "opsramp_api_user",
    "lastName" : " ",
    "firstName" : "OpsRamp API User",
    "email" : "admin@opsramp.com"
  },
  "createdTime" : "2017-11-27T13:14:07+0000",
  "updatedTime" : ""
}