Update First Response Policy

This endpoint is used to update the First Response Policy.

URL

POST https://{api-url}/api/v2/tenants/{clientId}/policies/firstResponse/{policyId}

Sample URLs

https://{api-url}/api/v2/tenants/client_7/policies/firstResponse/{policyId}

Parameters

Field

Data Type

Description

name

String

Name of the first response policy. Maximum length: 250 characters.

enabled

String

(Optional) State of the first response policy. Default state: true.

precedence

Integer

(Optional) Order of execution of the first response policy.

filterCriteria

filterBased
matchingType
rules
- filterType
- entityName
- operator
- entityValue

Object

String
String
List
- String
- String
- String
- String

(Optional) Values used for filter criteria.

Defines the value used for filterBased. Default Value: False.
Defines the type of matching results either ANY or ALL.
- Select ANY to match results based on any specified filter criteria.
- Select ALL to match results based on all specified filter criteria.
By default, the field rules is set to False. Mandatory only when filterBased is TRUE. Values for filterType are either
- native attributes
  dns_name host_name alias_name ip_address
  resource_type agent_installed operating_system make
  model alert_source alert_metric
  or
- custom attributes
  - Provide custom attribute names defined for client or partner or service provider assigned to the resources.
- Select rules for operator from the following:
  Contains Not Contains Equals Not Equals
  Starts With Ends With Regex Is (yes, no)
- Value used to compare.

firstResponseType

String

The first response type. Supported value: SUPPRESSION.

suppression

suppressSeasonalAlerts
suppressByAttributes
autoSnooze
continuousLearning
trainingFileId

Object

Boolean
Boolean
Boolean
Boolean
String

Used only for suppression type.

Suppress alerts that happen regularly and at the same time approximately.
Suppress specific alerts.
Snooze specific alerts for a given time.
Enable/Disable continuous machine learning.
ID of the training file. This ID is used only when suppressByAttributes is TRUE.

Status code

200 OK

Sample request

{
  "name": "firstResponse_1",
  "enabled": true,
  "filterCriteria": {
    "filterBased": true,
    "matchingType": "ALL",
    "rules": [
      {
        "filterType": "nativeAttributes",
        "entityName": "host_name",
        "operator": "Starts with",
        "entityValue": "vm"
      },
      {
		"filterType":"nativeAttributes",
		"entityName":"ip_address",
		"ipMatchingConditions": {
			"ipAddressMatchType":"CIDR Match",
			"cidrNotation":"192.168.1.1/24"
		}
	  }
    ]
  },
  "firstResponseType": "SUPPRESSION",
  "suppression": {
    "suppressSeasonalAlerts": true,
    "suppressByAttributes": true,
    "autoSnooze": true,
    "continuousLearning": false,
    "trainingFileId": "ml_alert_suppression_training"
  }
}

Sample response

{
   "id": "POLICY-AC-c44f4193-154a-4aa5-b8a9-e5ea5acb386b",
   "name": "Policy1",
   "enabled": true,
   "precedence": 1,
   "filterCriteria":
    {   
     "filterBased": true,   
     "matchingType": "ALL",   
     "rules":
      [     
       {       
        "filterType": "nativeAttributes",       
        "entityName": "host_name",       
        "operator": "Starts with",       
        "entityValue": "vm"     
       }   
      ]
    },
   "firstResponseType": "SUPPRESSION",
   "suppression":
     {   
      "suppressSeasonalAlerts": true,   
      "suppressByAttributes": true,  
      "autoSnooze": true, 
      "continuousLearning": true,   
      "trainingFileId": "ml_alert_suppression_training"
     },
   "createdBy":
     {   
      "loginName": "opsramp_api_user",   
      "lastName": " ",   
      "firstName": "OpsRamp API User",   
      "email": "opsAdmin@opsramp.com"
     },
   "createdTime": "2019-02-27T12:50:44+0000",
   "updatedTime": ""
}