Qodex.ai

Fetch all alerts

GET {{base_url}}/api/alert_manager/v1/alerts

Fetches all alerts by optional filtering parameters.

Request Params

KeyDatatypeRequiredDescription
limitnumber(Optional) A limit on number of objects to be returned.

Type: Integer | | skip | string | | (Optional) IDs of the alerts to exclude from the response.

Type: Array of String Array type description: Type: String Pattern: ^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$ | | id | string | | (Optional) Case-insensitive IDs of the alerts to return in the results.

Type: Array of String Array type description: Type: String Pattern: ^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$ | | query | null | | (Optional) A text to search for within planName or resourceName fields of the alerts. The search is case-insensitive.

Type: String | | severity | null | | (Optional) A filter by the alert severity.

Available operators:

  • eq - equals to the specified value: eq(warning)
  • or - equals to one of the specified values: or(warning,critical)
  • lt - less than the specified value: lt(warning)
  • gt - greater than the specified value: gt(warning)
  • le - less than or equals to the specified value: le(warning)
  • ge - greater than or equals to the specified value: ge(warning)

Type: String | | show_deleted | boolean | | (Optional) If true, dismissed alerts will be included in the response.

Type: Boolean Default: false | | show_deleted_only | boolean | | (Optional) If true, only dismissed alerts will be included in the response.

Type: Boolean Default: false | | source | null | | (Optional) A filter by the alert producer.

Type: String | | source_time_stamp | string | | (Optional) A filter by timestamp that was provided by an alert producer.

Type: String Pattern: ^([0-9]+)|(eq([0-9]+))$|(le([0-9]+))|(lt([0-9]+))|(gt([0-9]+))|(ge([0-9]+))$ | | type | string | | (Optional) A filter by list of alert types. A list of registered types can be obtained by sending a GET request to the /types endpoint.

Type: Array of Union Array type description: Type: Union May be any of:

  1. ID used in Cyber Application to uniquely identify an entity either type or instance.

Generic format - cti.<ctx>[~<ctx>]*[~(<ctx>|<uuid>)]

  • <ctx> - <vendor>.<application>.<name>.v<major>.<minor>
  • <vendor> - vendor's short code (max 50 characters)
  • <application> - application's short code (max 50 characters)
  • <name> - entity's name (max 128 characters), may include . and _ to be used for structuring
  • v<major>.<minor> - entity's version

Better regex pattern (for advanced regex processors) ^cti\.(?'ctx'[a-z][a-z0-9_]{0,49}\.[a-z][a-z0-9_]{0,49}\.[a-z][a-z0-9_.]{1,127}\.v[\d]+\.[\d]+)(~(?&ctx))*(~[0-9a-f]{8}\b-[0-9a-f]{4}\b-[0-9a-f]{4}\b-[0-9a-f]{4}\b-[0-9a-f]{12})?$

Type: String Max length: 1024 Pattern: ^cti.([a-z][a-z0-9_].[a-z][a-z0-9_].[a-z_][a-z0-9_.].v[\d]+.[\d]+)(~([a-z][a-z0-9_].[a-z][a-z0-9_].[a-z_][a-z0-9_.].v[\d]+.[\d]+))*(~[0-9a-f]{8}\b-[0-9a-f]{4}\b-[0-9a-f]{4}\b-[0-9a-f]{4}\b-[0-9a-f]{12})?$

  1. Type: String | | category | string | | (Optional) A filter by list of alert categories. A list of registered categories can be obtained by sending a GET request to the /categories endpoint.

Type: Array of Union Array type description: Type: Union May be any of:

  1. ID used in Cyber Application to uniquely identify an entity either type or instance.

Generic format - cti.<ctx>[~<ctx>]*[~(<ctx>|<uuid>)]

  • <ctx> - <vendor>.<application>.<name>.v<major>.<minor>
  • <vendor> - vendor's short code (max 50 characters)
  • <application> - application's short code (max 50 characters)
  • <name> - entity's name (max 128 characters), may include . and _ to be used for structuring
  • v<major>.<minor> - entity's version

Better regex pattern (for advanced regex processors) ^cti\.(?'ctx'[a-z][a-z0-9_]{0,49}\.[a-z][a-z0-9_]{0,49}\.[a-z][a-z0-9_.]{1,127}\.v[\d]+\.[\d]+)(~(?&ctx))*(~[0-9a-f]{8}\b-[0-9a-f]{4}\b-[0-9a-f]{4}\b-[0-9a-f]{4}\b-[0-9a-f]{12})?$

Type: String Max length: 1024 Pattern: ^cti.([a-z][a-z0-9_].[a-z][a-z0-9_].[a-z_][a-z0-9_.].v[\d]+.[\d]+)(~([a-z][a-z0-9_].[a-z][a-z0-9_].[a-z_][a-z0-9_.].v[\d]+.[\d]+))*(~[0-9a-f]{8}\b-[0-9a-f]{4}\b-[0-9a-f]{4}\b-[0-9a-f]{4}\b-[0-9a-f]{12})?$

  1. Type: String | | updated_at | string | | (Optional) A filter by date when the alert was created or dismissed.

Type: String Pattern: ^([0-9]+)|(eq([0-9]+))$|(le([0-9]+))|(lt([0-9]+))|(gt([0-9]+))|(ge([0-9]+))$ | | created_at | string | | (Optional) A filter by date when the alert was created.

Type: String Pattern: ^([0-9]+)|(eq([0-9]+))$|(le([0-9]+))|(lt([0-9]+))|(gt([0-9]+))|(ge([0-9]+))$ | | deleted_at | string | | (Optional) A filter by date when the alert was dismissed.

Type: String Pattern: ^([0-9]+)|(eq([0-9]+))$|(le([0-9]+))|(lt([0-9]+))|(gt([0-9]+))|(ge([0-9]+))$ | | planId | string | | (Optional) A filter for alerts with the specified plan IDs.

Type: Array of String Array type description: Type: String | | resourceId | string | | (Optional) A filter for alerts with the specified resource IDs.

Type: Array of String Array type description: Type: String | | planName | string | | (Optional) A filter for alerts with the specified plan names.

Type: Array of String Array type description: Type: String | | resourceName | string | | (Optional) A filter for alerts with the specified resource names.

Type: Array of String Array type description: Type: String | | order | string | | (Optional) An ordering filter that orders the results by parameter value. If no operator provided, the results will be ordered in ascending order.

Following parameters can be used:

  • created_at
  • type
  • severity
  • source
  • source_time_stamp
  • updated_at
  • deleted_at
  • category
  • planId
  • planName
  • resourceId
  • resourceName

Available operators:

  • asc - ascending
  • desc - descending

Type: String | | tenant | null | | (Optional) A filter by the alert tenant ID.

Type: Array of String Array type description: Type: String |

RESPONSES

status: OK

{"items":[{"_source":"6852F263-2B5E-48BF-B78B-486182D9BDBE","updatedAt":"2021-04-05T20:41:42.352636392Z","tenant":{"id":"56","uuid":"53a17005-b4be-4c5c-8186-758349e343cd","locator":"/1/50/53/56/"},"_sourceTimeStamp":3246,"id":"01C2D69A-112B-4DE1-98AE-8688223C5F4B","createdAt":"2021-04-05T20:41:41Z","details":{"activity":{"id":"D028B06E-36D6-43FF-9242-35E8A9917E3A"},"activityId":"D028B06E-36D6-43FF-9242-35E8A9917E3A"},"category":"Backup","receivedAt":"2021-04-01T22:16:19.71025511Z","severity":"critical","type":"cti.a.p.am.alert.v1.0~a.p.backup.failed.v1.0"},{"updatedAt":"2021-04-05T23:41:55.089638934Z","tenant":{"id":"1","uuid":"0fb7213f-ee49-4be6-894f-6cff408af616","locator":"/1/"},"id":"BACA9625-A993-4722-B03F-F2807C85E76F","createdAt":"2021-04-05T23:41:55.089638934Z","details":{},"category":"cti.a.p.am.category.v1.0~a.p.dr.v1.0","receivedAt":"2021-04-05T23:41:55.089638324Z","severity":"warning","type":"cti.a.p.am.alert.v1.0~a.dr.internet_traffic.unblocked.v1.0"},{"updatedAt":"2021-04-01T14:19:32.202462769Z","tenant":{"id":"1","uuid":"0fb7213f-ee49-4be6-894f-6cff408af616","locator":"/1/"},"id":"CBE8B43A-70C9-4343-B942-82D56E34FDF0","createdAt":"2021-04-01T14:19:32.202462769Z","details":{},"category":"cti.a.p.am.category.v1.0~a.p.dr.v1.0","receivedAt":"2021-04-01T14:19:32.202461826Z","severity":"warning","type":"cti.a.p.am.alert.v1.0~a.dr.internet_traffic.unblocked.v1.0"}],"paging":{"cursors":{}}}