Documentation is now available for the Fall 2020 Update release!

Update alert correlation policy

This endpoint is used to update an alert correlation policy.

Leave Feedback

URL

POST https://{api-url}/api/v2/tenants/{tenantId}/policies/alertCorrelation/{policyId}

Sample URLs

https://api.opsramp.com/api/v2/tenants/client_7/policies/alertCorrelation/POLICY-AC-3218d82f-25c6-4d4d-bd88-b83c5e30721c
https://api.opsramp.com/api/v2/tenants/msp_6/policies/alertCorrelation/POLICY-AC-ce200249-bcb0-47ef-8b24-9b5744053243

Header format

HeaderValue
AuthorizationBearer {accessToken}
Content-typeapplication/json
Acceptapplication/json

Status code

200 OK

Parameters

All parameters are mandatory unless specified otherwise.

FieldData TypeDescription
nameStringThe name of the alert correlation policy.
enabledString(Optional) State of the first response policy. Default state: true.
enabledModeString(Optional) Mode for the first response policy. Options: ON, OFF, and OBSERVED
precedenceNumber(Optional) Order of execution.
filterCriteriaObject(Optional) Rule is mandatory when filterBased is specified.
filterCriteria : filterBasedString(Optional) Rule is mandatory when filterBased is specified.
filterCriteria : matchingTypeStringANY/ALL
filterCriteria : rules
  • filterType
  • entityName
  • operator
  • entityValue
  • ipMatchingConditions
  • String
  • String
  • String
  • String
  • Object
Should be:
  • nativeAttributes or customAttributes
  • See Notes for more information.
  • See Notes for more information.
  • Value to compare.
  • See Notes for more information.
inferenceSubjectString(Optional) Used for the inference alert subject. Maximum of 2500 characters.
typeStringPolicy type. Values: ALGORITHM or CO_OCCURRENCE
algorithmCorrelationObjectUsed for algorithmCorrelation type.
algorithmCorrelation : alertsTimeWindowInteger(Optional) Used for algorithmCorrelation type. Default: 5 minutes
algorithmCorrelation : matchingConditions
  • property
  • matchType
  • String
  • String
Used for algorithmCorrelation type.
machineLearningObject(Optional) Used for machine learning.
machineLearning: trainingFileIDString(Optional) ID for the uploaded alert correlation training file.
machineLearning : matchingConditions
  • property
  • matchType
List(Optional)

Fields for client scope partner policy

Fields are required unless specified otherwise.

PropertyDescription
organizationMatchingTypeUsed for organization matching type. Options: ALL or INCLUDE.
includedClients(Required if organizationMatchingType is true.) Used for client list of names.

Sample 1 - Update alert policy with algorithm correlation

This sample updates an alert correlation policy with an algorithm correlation.

Sample request

{
"name":"test_algorithm_correlation_ap",
"enabledMode": "OFF",
"filterCriteria": {
	"filterBased":"true",
	"matchingType":"ALL",
	"rules":
	[
		{
			"filterType":"nativeAttributes",
			"entityName":"resource_name",
			"operator":"Contains",
			"entityValue":"vm"
		},
		{
			"filterType":"customAttributes",
			"entityName":"test_cutom_attribute",
			"operator":"Not Contains",
			"entityValue":"a"
		}
	]
},
"type":"ALGORITHM",
"inferenceSubject":"subject-alertMetric policy",
"algorithmCorrelation": {
	"alertsTimeWindow":"20",
	"matchingConditions":[
	{
		"property":"subject",
		"matchType":"Identical"
	},
	{
		"property":"alert_metric",
		"matchType":"Identical"
	}
	]
}
}

Sample response

{
  "id" : "POLICY-AC-7556bcf6-4cc2-44ba-ba1f-3ca5a211bcb3",
  "name" : "test_algorithm_correlation_ap",
  "enabled" : false,
  "enabledMode": "OFF",
  "precedence" : 29,
  "filterCriteria" : {
    "filterBased" : true,
    "matchingType" : "ALL",
    "rules" : [ {
      "filterType" : "nativeAttributes",
      "entityName" : "resource_name",
      "operator" : "Contains",
      "entityValue" : "vm"
    }, {
      "filterType" : "customAttributes",
      "entityName" : "test_cutom_attribute",
      "operator" : "Not Contains",
      "entityValue" : "a"
    } ]
  },
  "type":"ALGORITHM",
  "inferenceSubject" : "subject-alertMetric policy",
  "algorithmCorrelation" : {
    "alertsTimeWindow" : 20,
    "matchingConditions" : [ {
      "property" : "subject",
      "matchType" : "Identical"
    }, {
      "property" : "alert_metric",
      "matchType" : "Identical"
    } ]
  },
  "createdBy" : {
    "loginName" : "opsramp_api_user",
    "lastName" : " ",
    "firstName" : "OpsRamp API User",
    "email" : "admin@opsramp.com"
  },
  "updatedBy" : {
    "loginName" : "opsramp_api_user",
    "lastName" : " ",
    "firstName" : "OpsRamp API User",
    "email" : "admin@opsramp.com"
  },
  "createdTime" : "2017-11-27T13:14:07+0000",
  "updatedTime" : "2017-11-27T14:22:11+0000"
}

Sample 2 - Update alert policy with co-occurrence correlation

This sample updates an alert correlation policy with co-occurrence correlation.

Sample request

{
	"name": "test_co-occurrence_correlation_ap",
	"enabledMode": "ON",
	"filterCriteria": {
		"filterBased": "true",
		"matchingType": "ALL",
		"rules": [{
				"filterType": "nativeAttributes",
				"entityName": "resource_name",
				"operator": "Contains",
				"entityValue": "vm"
			},
			{
				"filterType": "customAttributes",
				"entityName": "test_cutom_attribute",
				"operator": "Not Contains",
				"entityValue": "a"
			}
		]
	},
	"type": "CO_OCCURRENCE",
	"machineLearning": {
		"trainingFileId": "ml_alert_correlation_training_client_9",
		"continuousLearning": false,
		"matchingConditions": [{
				"property": "resource_type",
				"matchType": "Identical"
			},
			{
				"property": "subject",
				"matchType": "Identical"
			}
		]
	}
}

Sample response

{
	"id": "POLICY-AC-1556bcf6-7cc2-44ba-ba1f-8ca5a211bcb3",
	"name": "test_co-occurrence_correlation_ap",
	"enabled": true,
	"enabledMode": "ON",
	"precedence": 30,
	"filterCriteria": {
		"filterBased": true,
		"matchingType": "ALL",
		"rules": [{
			"filterType": "nativeAttributes",
			"entityName": "resource_name",
			"operator": "Contains",
			"entityValue": "vm"
		}, {
			"filterType": "customAttributes",
			"entityName": "test_cutom_attribute",
			"operator": "Not Contains",
			"entityValue": "a"
		}]
	},
	"type": "CO_OCCURRENCE",
	"machineLearning": {
		"trainingFileId": "ml_alert_correlation_training_client_9",
		"continuousLearning": false,
		"matchingConditions": [{
				"property": "resource_type",
				"matchType": "Identical"
			},
			{
				"property": "subject",
				"matchType": "Identical"
			}
		]
	},
	"createdBy": {
		"loginName": "opsramp_api_user",
		"lastName": " ",
		"firstName": "OpsRamp API User",
		"email": "admin@opsramp.com"
	},
	"createdTime": "2017-11-27T13:14:07+0000",
	"updatedTime": ""
}

Sample 3 - Update alert policy with IP address filter

This sample an alert correlation policy with an IP address filter.

Sample request

{
"name":"IP policy api demo",
"enabledMode": "OBSERVED",
"type":"ALGORITHM",
"filterCriteria": {
	"filterBased":"true",
	"matchingType":"ALL",
	"rules":
	[
		{
			"filterType":"nativeAttributes",
			"entityName":"ip_address",
			"ipMatchingConditions": {
				"ipAddressMatchType":"CIDR Match",
				"cidrNotation":"192.168.1.1/24"
			}
		}
	]
},
"inferenceSubject":"IP policy api demo",
"algorithmCorrelation": {
	"alertsTimeWindow":"20",
	"matchingConditions":[
	{
		"property":"resource_name",
		"matchType":"Identical"
	}
	]
}
}

Sample response

{
    "id": "POLICY-AC-498fe534-f70b-4511-80cd-88138ab15122",
    "name": "IP policy api demo",
    "enabled": true,
    "enabledMode": "OBSERVED",
    "precedence": 87,
    "filterCriteria": {
        "filterBased": true,
        "matchingType": "ALL",
        "rules": [
            {
                "filterType": "nativeAttributes",
                "entityName": "ip_address",
                "ipMatchingConditions": {
                    "ipAddressMatchType": "CIDR Match",
                    "cidrNotation": "192.168.1.1/24"
                }
            }
        ]
    },
    "type": "ALGORITHM",
    "inferenceSubject": "IP policy api demo",
    "algorithmCorrelation": {
        "alertsTimeWindow": 20,
        "matchingConditions": [
            {
                "property": "resource_name",
                "matchType": "Identical"
            }
        ]
    },
    "createdBy": {
        "loginName": "opsramp_api_user",
        "lastName": " ",
        "firstName": "OpsRamp API User",
        "email": "admin@opsramp.com"
    },
    "createdTime": "2018-12-28T10:37:32+0000",
    "updatedTime": ""
}

Sample 4 - Update client scope partner alert policy with algorithm correlation

This sample updates client scope partner alert correlation policy with an algorithm correlation and organizationMatchingType as ALL.

Sample request

{
"name":"test_algorithm_correlation_ap",
"organizationMatchingType":"ALL",
"filterCriteria": {
	"filterBased":"true",
	"matchingType":"ALL",
	"rules":
	[
		{
			"filterType":"nativeAttributes",
			"entityName":"resource_name",
			"operator":"Contains",
			"entityValue":"vm"
		},
		{
			"filterType":"customAttributes",
			"entityName":"test_cutom_attribute",
			"operator":"Not Contains",
			"entityValue":"a"
		}
	]
},
"type":"ALGORITHM",
"inferenceSubject":"subject-alertMetric policy",
"algorithmCorrelation": {
	"alertsTimeWindow":"20",
	"matchingConditions":[
	{
		"property":"subject",
		"matchType":"Identical"
	},
	{
		"property":"alert_metric",
		"matchType":"Identical"
	}
	]
}
}

Sample response

{
  "id" : "POLICY-AC-7556bcf6-4cc2-44ba-ba1f-3ca5a211bcb3",
  "name" : "test_algorithm_correlation_ap",
  "clientsIncluded" : "ALL",
  "enabled" : true,
  "enabledMode": "ON",
  "precedence" : 29,
  "filterCriteria" : {
    "filterBased" : true,
    "matchingType" : "ALL",
    "rules" : [ {
      "filterType" : "nativeAttributes",
      "entityName" : "resource_name",
      "operator" : "Contains",
      "entityValue" : "vm"
    }, {
      "filterType" : "customAttributes",
      "entityName" : "test_cutom_attribute",
      "operator" : "Not Contains",
      "entityValue" : "a"
    } ]
  },
  "type":"ALGORITHM",
  "inferenceSubject" : "subject-alertMetric policy",
  "algorithmCorrelation" : {
    "alertsTimeWindow" : 20,
    "matchingConditions" : [ {
      "property" : "subject",
      "matchType" : "Identical"
    }, {
      "property" : "alert_metric",
      "matchType" : "Identical"
    } ]
  },
  "createdBy" : {
    "loginName" : "opsramp_api_user",
    "lastName" : " ",
    "firstName" : "OpsRamp API User",
    "email" : "admin@opsramp.com"
  },
  "createdTime" : "2017-11-27T13:14:07+0000",
  "updatedTime" : ""
}

Sample 5 - Update client sope partner policy with algorithm correlation

This sample updates a client scope partner alert correlation policy with an algorithm correlation and organizationMatchingType as INCLUDE.

Sample request

{
"name":"test_algorithm_correlation_ap",
"organizationMatchingType":"INCLUDE",
"includedClients":[
"client_8",
"client_9"],
"filterCriteria": {
	"filterBased":"true",
	"matchingType":"ALL",
	"rules":
	[
		{
			"filterType":"nativeAttributes",
			"entityName":"resource_name",
			"operator":"Contains",
			"entityValue":"vm"
		},
		{
			"filterType":"customAttributes",
			"entityName":"test_cutom_attribute",
			"operator":"Not Contains",
			"entityValue":"a"
		}
	]
},
"type":"ALGORITHM",
"inferenceSubject":"subject-alertMetric policy",
"algorithmCorrelation": {
	"alertsTimeWindow":"20",
	"matchingConditions":[
	{
		"property":"subject",
		"matchType":"Identical"
	},
	{
		"property":"alert_metric",
		"matchType":"Identical"
	}
	]
}
}

Sample response

{
  "id" : "POLICY-AC-7556bcf6-4cc2-44ba-ba1f-3ca5a211bcb3",
  "name" : "test_algorithm_correlation_ap",
  "includedClients":[
   "client_8",
   "client_9"],
  "enabled" : true,
  "enabledMode": "ON",
  "precedence" : 29,
  "filterCriteria" : {
    "filterBased" : true,
    "matchingType" : "ALL",
    "rules" : [ {
      "filterType" : "nativeAttributes",
      "entityName" : "resource_name",
      "operator" : "Contains",
      "entityValue" : "vm"
    }, {
      "filterType" : "customAttributes",
      "entityName" : "test_cutom_attribute",
      "operator" : "Not Contains",
      "entityValue" : "a"
    } ]
  },
  "type":"ALGORITHM",
  "inferenceSubject" : "subject-alertMetric policy",
  "algorithmCorrelation" : {
    "alertsTimeWindow" : 20,
    "matchingConditions" : [ {
      "property" : "subject",
      "matchType" : "Identical"
    }, {
      "property" : "alert_metric",
      "matchType" : "Identical"
    } ]
  },
  "createdBy" : {
    "loginName" : "opsramp_api_user",
    "lastName" : " ",
    "firstName" : "OpsRamp API User",
    "email" : "admin@opsramp.com"
  },
  "createdTime" : "2017-11-27T13:14:07+0000",
  "updatedTime" : ""
}