Update First Response Policy

This endpoint is used to update the First Response Policy.

Leave Feedback

URL

POST https://{api-url}/api/v2/tenants/{tenantId}/policies/firstResponse/{policyId}

Sample URLs

https://{api-url}/api/v2/tenants/client_7/policies/firstResponse/{policyId}

Parameters

FieldData TypeDescription
nameStringName of the first response policy. Maximum length: 250 characters.
enabledString(Optional) State of the first response policy. Default state: true.
precedenceInteger(Optional) Order of execution of the first response policy.
filterCriteria
  • filterBased
  • matchingType
  • rules
    • filterType
    • entityName
    • operator
    • entityValue
Object
  • String
  • String
  • List
    • String
    • String
    • String
    • String
(Optional) Values used for filter criteria.
  • Defines the value used for filterBased. Default Value: False.
  • Defines the type of matching results either ANY or ALL.
    • Select ANY to match results based on any specified filter criteria.
    • Select ALL to match results based on all specified  filter criteria.
  • By default, the field rules is set to False. Mandatory only when filterBased is TRUE. Values for filterType are either
    • native attributes
      dns_namehost_namealias_nameip_address
      resource_typeagent_installedoperating_systemmake
      modelalert_sourcealert_metric
      or
    • custom attributes
      • Provide custom attribute names defined for client or partner or service provider assigned to the resources.
    • Select rules for operator from the following:
      ContainsNot ContainsEqualsNot Equals
      Starts WithEnds WithRegexIs (yes, no)
    • Value used to compare.
firstResponseTypeStringThe first response type. Supported value: SUPPRESSION.
suppression
  • suppressSeasonalAlerts
  • suppressByAttributes
  • autoSnooze
  • continuousLearning
  • trainingFileId
Object
  • Boolean
  • Boolean
  • Boolean
  • Boolean
  • String
Used only for suppression type.
  • Suppress alerts that happen regularly and at the same time approximately.
  • Suppress specific alerts.
  • Snooze specific alerts for a given time.
  • Enable/Disable continuous machine learning.
  • ID of the training file. This ID is used only when suppressByAttributes is TRUE.

Status code

200 OK

Sample request

{
  "name": "firstResponse_1",
  "enabled": true,
  "filterCriteria": {
    "filterBased": true,
    "matchingType": "ALL",
    "rules": [
      {
        "filterType": "nativeAttributes",
        "entityName": "host_name",
        "operator": "Starts with",
        "entityValue": "vm"
      },
      {
		"filterType":"nativeAttributes",
		"entityName":"ip_address",
		"ipMatchingConditions": {
			"ipAddressMatchType":"CIDR Match",
			"cidrNotation":"192.168.1.1/24"
		}
	  }
    ]
  },
  "firstResponseType": "SUPPRESSION",
  "suppression": {
    "suppressSeasonalAlerts": true,
    "suppressByAttributes": true,
    "autoSnooze": true,
    "continuousLearning": false,
    "trainingFileId": "ml_alert_suppression_training"
  }
}

Sample response

{
   "id": "POLICY-AC-c44f4193-154a-4aa5-b8a9-e5ea5acb386b",
   "name": "Policy1",
   "enabled": true,
   "precedence": 1,
   "filterCriteria":
    {   
     "filterBased": true,   
     "matchingType": "ALL",   
     "rules":
      [     
       {       
        "filterType": "nativeAttributes",       
        "entityName": "host_name",       
        "operator": "Starts with",       
        "entityValue": "vm"     
       }   
      ]
    },
   "firstResponseType": "SUPPRESSION",
   "suppression":
     {   
      "suppressSeasonalAlerts": true,   
      "suppressByAttributes": true,  
      "autoSnooze": true, 
      "continuousLearning": true,   
      "trainingFileId": "ml_alert_suppression_training"
     },
   "createdBy":
     {   
      "loginName": "opsramp_api_user",   
      "lastName": " ",   
      "firstName": "OpsRamp API User",   
      "email": "opsAdmin@opsramp.com"
     },
   "createdTime": "2019-02-27T12:50:44+0000",
   "updatedTime": ""
}