Endpoint
/api/v2/tenants/{tenantId}/policies/alertCorrelation
Path Parameters
tenantId
string

Describes the client ID or msp ID of the tenant

Query Parameters
pageNo
integer

pageSize
integer

Responses

OK

descendingOrder
boolean

nextPage
boolean

orderBy
string

pageNo
integer

pageSize
integer

previousPageNo
integer

results
array

results.enabled
results.id
results.machineLearning
results.name
results.precedence
results.type
totalPages
integer

totalResults
integer

{
  "descendingOrder": false,
  "nextPage": false,
  "orderBy": "precedence",
  "pageNo": 1,
  "pageSize": 100,
  "previousPageNo": 0,
  "results": [
    {
      "enabled": false,
      "id": "POLICY-AC-165c4ee5-8b31-4cba-b88e-f20e57ae8358",
      "name": "test_dependency_correlation_ap",
      "precedence": 25,
      "type": "DEPENDENCY"
    },
    {
      "enabled": true,
      "id": "POLICY-AC-7556bcf6-4cc2-44ba-ba1f-3ca5a211bcb3",
      "name": "test_algorithm_correlation_ap",
      "precedence": 29,
      "type": "ALGORITHM"
    },
    {
      "enabled": true,
      "id": "POLICY-AC-1556bcf6-7cc2-44ba-ba1f-8ca5a211bcb3",
      "machineLearning": {
        "accuracy": 98
      },
      "name": "test_co-occurrence_correlation_ap",
      "precedence": 30,
      "type": "CO_OCCURRENCE"
    }
  ],
  "totalPages": 1,
  "totalResults": 3
}
{
  "descendingOrder": false,
  "nextPage": false,
  "orderBy": "precedence",
  "pageNo": 1,
  "pageSize": 100,
  "previousPageNo": 0,
  "results": [
    {
      "enabled": false,
      "id": "POLICY-AC-165c4ee5-8b31-4cba-b88e-f20e57ae8358",
      "name": "test_dependency_correlation_ap",
      "precedence": 25,
      "type": "DEPENDENCY"
    },
    {
      "enabled": true,
      "id": "POLICY-AC-7556bcf6-4cc2-44ba-ba1f-3ca5a211bcb3",
      "name": "test_algorithm_correlation_ap",
      "precedence": 29,
      "type": "ALGORITHM"
    },
    {
      "enabled": true,
      "id": "POLICY-AC-1556bcf6-7cc2-44ba-ba1f-8ca5a211bcb3",
      "machineLearning": {
        "accuracy": 98
      },
      "name": "test_co-occurrence_correlation_ap",
      "precedence": 30,
      "type": "CO_OCCURRENCE"
    }
  ],
  "totalPages": 1,
  "totalResults": 3
}
{
  "descendingOrder": false,
  "nextPage": false,
  "orderBy": "precedence",
  "pageNo": 1,
  "pageSize": 10,
  "previousPageNo": 0,
  "results": [
    {
      "enabled": false,
      "id": "POLICY-AC-165c4ee5-8b31-4cba-b88e-f20e57ae8358",
      "name": "test_dependency_correlation_ap",
      "precedence": 25,
      "type": "DEPENDENCY"
    },
    {
      "enabled": true,
      "id": "POLICY-AC-7556bcf6-4cc2-44ba-ba1f-3ca5a211bcb3",
      "name": "test_algorithm_correlation_ap",
      "precedence": 29,
      "type": "ALGORITHM"
    },
    {
      "enabled": true,
      "id": "POLICY-AC-1556bcf6-7cc2-44ba-ba1f-8ca5a211bcb3",
      "name": "test_co-occurrence_correlation_ap",
      "precedence": 30,
      "type": "CO_OCCURRENCE"
    }
  ],
  "totalPages": 1,
  "totalResults": 3
}
Endpoint
/api/v2/tenants/{tenantId}/policies/alertCorrelation
Path Parameters
tenantId
string

Describes the client ID or msp ID of the tenant

algorithmCorrelation
object

Correlate alerts that share similar alert properties.

algorithmCorrelation.alertsTimeWindow
(Optional) Correlate alerts that are generated within a time span specified in minutes. If a value isn't specified, the default time window is 5 minutes.
algorithmCorrelation.machineLearning
algorithmCorrelation.matchingConditions
Correlate alerts based all of the on the following: 1. Select the alert property with which the alerts should be grouped (example is "Host Name"). 2. Match the type of alert property. If a user wants to correlate alerts which exactly share same IP address 172.34.213, provide the "property": "ip_address" and "matchType": "Identical" fields. See Matching conditions table for detailed information on match types.
algorithmCorrelation.primaryAlertSubject
(Optional) Provide a subject for the primary alert generated. This helps to identify the Inference. If no subject is provided, the primary alert is treated as the subject for alert correlation.
dependencyCorrelation
object

Correlate alerts on upstream and downstream resources.

dependencyCorrelation.alertsTimeWindow
(Optional) Correlate alerts that are generated within a time span specified in minutes. An example is when a user wants to correlate alerts on upstream and downstream resources within a span of 15 minutes. If a value isn't specified, the default time window is 5 minutes.
dependencyCorrelation.downstreamMetrics
Metrics on the downstream resource that may generate alerts. Use the Get Metrics API to get metrics assigned to a resource.
dependencyCorrelation.upstreamMetrics
Metrics on the upstream resource that may generate alerts. Use the Get Metrics API to get metrics assigned to a resource.
enabledMode
string

(Optional) To enable an alert correlation policy, set "enabledMode": "ON". To disable an alert correlation policy, set "enabledMode: "OFF". To enable an alert correlation policy to observe, set "enabledMode": "OBSERVED".

filterCriteria
object

(Optional) Filter for resources whose alerts will match this policy.

filterCriteria.filterBased
Determine if the alert correlation policy should consider the below filter rules.
filterCriteria.matchingType
Match ALL or ANY of the rules to filter for resources whose alerts will match this policy.
filterCriteria.rules
(Mandatory if "filterBase": "true") Filter resources with the rules that follow.
includedClients
array

name
string

The name of the alert correlation policy.

organizationMatchingType
string

precedence
integer

(Optional) Determine the execution order of a policy. For example, if VMware is specified as part of the agent status policy and network outage policy, the user can determine which policy should execute first to correlate VMware alerts.

type
string

The alert correlation policy type.

{
  "algorithmCorrelation": {
    "alertsTimeWindow": 20,
    "matchingConditions": [
      {
        "matchType": "Identical",
        "property": "subject"
      },
      {
        "matchType": "Identical",
        "property": "alert_metric"
      }
    ],
    "primaryAlertSubject": "subject-alertMetric policy"
  },
  "filterCriteria": {
    "filterBased": true,
    "matchingType": "ALL",
    "rules": [
      {
        "entityName": "resource_name",
        "entityValue": "vm",
        "filterType": "nativeAttributes",
        "operator": "Contains"
      },
      {
        "entityName": "test_custom_attribute",
        "entityValue": "a",
        "filterType": "customAttributes",
        "operator": "Not Contains"
      }
    ]
  },
  "name": "test_algorithm_correlation_ap",
  "organizationMatchingType": "ALL",
  "type": "ALGORITHM"
}
{
  "algorithmCorrelation": {
    "alertsTimeWindow": 20,
    "matchingConditions": [
      {
        "matchType": "Identical",
        "property": "subject"
      },
      {
        "matchType": "Identical",
        "property": "alert_metric"
      }
    ],
    "primaryAlertSubject": "subject-alertMetric policy"
  },
  "filterCriteria": {
    "filterBased": true,
    "matchingType": "ALL",
    "rules": [
      {
        "entityName": "resource_name",
        "entityValue": "vm",
        "filterType": "nativeAttributes",
        "operator": "Contains"
      },
      {
        "entityName": "test_custom_attribute",
        "entityValue": "a",
        "filterType": "customAttributes",
        "operator": "Not Contains"
      }
    ]
  },
  "includedClients": [
    "client_8",
    "client_9"
  ],
  "name": "test_algorithm_correlation_ap",
  "organizationMatchingType": "INCLUDE",
  "type": "ALGORITHM"
}
{
  "algorithmCorrelation": {
    "alertsTimeWindow": 20,
    "matchingConditions": [
      {
        "matchType": "Identical",
        "property": "subject"
      },
      {
        "matchType": "Nearly Identical",
        "property": "alert_metric"
      }
    ],
    "primaryAlertSubject": "Agent down on parked VMwares"
  },
  "filterCriteria": {
    "filterBased": true,
    "matchingType": "ALL",
    "rules": [
      {
        "entityName": "resource_name",
        "entityValue": "vm",
        "filterType": "nativeAttributes",
        "operator": "Contains"
      },
      {
        "entityName": "Agent Status",
        "entityValue": "Down",
        "filterType": "customAttributes",
        "operator": "Equals"
      }
    ]
  },
  "name": "Correlate alerts on parked VMwares",
  "type": "ALGORITHM"
}
{
  "filterCriteria": {
    "filterBased": true,
    "matchingType": "ALL",
    "rules": [
      {
        "entityName": "resource_name",
        "entityValue": "Logix",
        "filterType": "nativeAttributes",
        "operator": "Contains"
      },
      {
        "entityName": "agent_status",
        "entityValue": "up",
        "filterType": "customAttributes",
        "operator": "Equals"
      }
    ]
  },
  "name": "Server-SJ Alerts",
  "type": "CO_OCCURRENCE"
}
{
  "algorithmCorrelation": {
    "alertsTimeWindow": 20,
    "matchingConditions": [
      {
        "matchType": "Identical",
        "property": "resource_name"
      }
    ],
    "primaryAlertSubject": "IP policy api demo"
  },
  "filterCriteria": {
    "filterBased": true,
    "matchingType": "ALL",
    "rules": [
      {
        "entityName": "ip_address",
        "filterType": "nativeAttributes",
        "ipMatchingConditions": {
          "ipAddress": "192.168.5.130",
          "ipAddressMatchType": "Within Range",
          "netmask": "255.255.255.192"
        }
      }
    ]
  },
  "name": "Server-SJ Alerts",
  "type": "ALGORITHM"
}

Responses

OK

algorithmCorrelation
object

algorithmCorrelation.alertsTimeWindow
algorithmCorrelation.matchingConditions
algorithmCorrelation.primaryAlertSubject
createdBy
object

createdBy.email
createdBy.firstName
createdBy.lastName
createdBy.loginName
createdTime
string

enabled
boolean

filterCriteria
object

filterCriteria.filterBased
filterCriteria.matchingType
filterCriteria.rules
id
string

name
string

precedence
integer

type
string

updatedTime
string

{
  "algorithmCorrelation": {
    "alertsTimeWindow": 20,
    "matchingConditions": [
      {
        "matchType": "Identical",
        "property": "subject"
      },
      {
        "matchType": "Identical",
        "property": "alert_metric"
      }
    ],
    "primaryAlertSubject": "subject-alertMetric policy"
  },
  "clientsIncluded": "ALL",
  "createdBy": {
    "email": "admin@opsramp.com",
    "firstName": "OpsRamp API User",
    "lastName": " ",
    "loginName": "opsramp_api_user"
  },
  "createdTime": "2017-11-27T13:14:07+0000",
  "enabled": true,
  "filterCriteria": {
    "filterBased": true,
    "matchingType": "ALL",
    "rules": [
      {
        "entityName": "resource_name",
        "entityValue": "vm",
        "filterType": "nativeAttributes",
        "operator": "Contains"
      },
      {
        "entityName": "test_custom_attribute",
        "entityValue": "a",
        "filterType": "customAttributes",
        "operator": "Not Contains"
      }
    ]
  },
  "id": "POLICY-AC-7556bcf6-4cc2-44ba-ba1f-3ca5a211bcb3",
  "name": "test_algorithm_correlation_ap",
  "precedence": 29,
  "type": "ALGORITHM",
  "updatedTime": ""
}
{
  "algorithmCorrelation": {
    "alertsTimeWindow": 20,
    "matchingConditions": [
      {
        "matchType": "Identical",
        "property": "subject"
      },
      {
        "matchType": "Identical",
        "property": "alert_metric"
      }
    ],
    "primaryAlertSubject": "subject-alertMetric policy"
  },
  "createdBy": {
    "email": "admin@opsramp.com",
    "firstName": "OpsRamp API User",
    "lastName": " ",
    "loginName": "opsramp_api_user"
  },
  "createdTime": "2017-11-27T13:14:07+0000",
  "enabled": true,
  "filterCriteria": {
    "filterBased": true,
    "matchingType": "ALL",
    "rules": [
      {
        "entityName": "resource_name",
        "entityValue": "vm",
        "filterType": "nativeAttributes",
        "operator": "Contains"
      },
      {
        "entityName": "test_custom_attribute",
        "entityValue": "a",
        "filterType": "customAttributes",
        "operator": "Not Contains"
      }
    ]
  },
  "id": "POLICY-AC-7556bcf6-4cc2-44ba-ba1f-3ca5a211bcb3",
  "includedClients": [
    "client_8",
    "client_9"
  ],
  "name": "test_algorithm_correlation_ap",
  "precedence": 29,
  "type": "ALGORITHM",
  "updatedTime": ""
}
{
  "algorithmCorrelation": {
    "alertsTimeWindow": 20,
    "matchingConditions": [
      {
        "matchType": "Identical",
        "property": "subject"
      },
      {
        "matchType": "Nearly Identical",
        "property": "alert_metric"
      }
    ],
    "primaryAlertSubject": "Agent down on parked VMwares"
  },
  "createdBy": {
    "email": "john.smith@myorganization.com",
    "firstName": "John",
    "lastName": "Smith",
    "loginName": "John_Smith"
  },
  "createdTime": "2018-04-27T13:14:07+0000",
  "enabled": true,
  "filterCriteria": {
    "filterBased": true,
    "matchingType": "ALL",
    "rules": [
      {
        "entityName": "resource_name",
        "entityValue": "vm",
        "filterType": "nativeAttributes",
        "operator": "Contains"
      },
      {
        "entityName": "Agent Status",
        "entityValue": "Down",
        "filterType": "customAttributes",
        "operator": "Equals"
      }
    ]
  },
  "id": "POLICY-AC-7556bcf6-4cc2-44ba-ba1f-3ca5a211bcb3",
  "name": "Correlate alerts on parked VMwares",
  "precedence": 29,
  "type": "ALGORITHM",
  "updatedTime": ""
}
{
  "createdBy": {
    "email": "john.smith@myorganization.com",
    "firstName": "OpsRamp API User",
    "lastName": " ",
    "loginName": "opsramp_api_user"
  },
  "createdTime": "2018-08-27T13:14:07+0000",
  "enabled": true,
  "filterCriteria": {
    "filterBased": true,
    "matchingType": "ALL",
    "rules": [
      {
        "entityName": "resource_name",
        "entityValue": "Logix",
        "filterType": "nativeAttributes",
        "operator": "Contains"
      },
      {
        "entityName": "agent-status",
        "entityValue": "up",
        "filterType": "customAttributes",
        "operator": "Equals"
      }
    ]
  },
  "id": "POLICY-AC-1556bcf6-7cc2-44ba-ba1f-8ca5a211bcb3",
  "name": "Server-SJ Alerts",
  "precedence": 30,
  "type": "CO_OCCURRENCE",
  "updatedTime": ""
}
{
  "algorithmCorrelation": {
    "alertsTimeWindow": 20,
    "matchingConditions": [
      {
        "matchType": "Identical",
        "property": "resource_name"
      }
    ],
    "primaryAlertSubject": "IP policy api demo"
  },
  "createdBy": {
    "email": "admin@opsramp.com",
    "firstName": "OpsRamp API User",
    "lastName": " ",
    "loginName": "opsramp_api_user"
  },
  "createdTime": "2018-12-28T10:42:42+0000",
  "enabled": true,
  "filterCriteria": {
    "filterBased": true,
    "matchingType": "ALL",
    "rules": [
      {
        "entityName": "ip_address",
        "filterType": "nativeAttributes",
        "ipMatchingConditions": {
          "ipAddress": "192.168.5.130",
          "ipAddressMatchType": "Within Range",
          "netmask": "255.255.255.192"
        }
      }
    ]
  },
  "id": "POLICY-AC-e275116e-c457-47be-bd25-9eef3c1d7976",
  "name": "IP policy api demo",
  "precedence": 88,
  "type": "ALGORITHM",
  "updatedTime": ""
}