Create the First Response Policy
This endpoint is used to create First Response Policy.
URL
POST https://{api-url}/api/v2/tenants/{tenantId}/policies/firstResponse
Sample URLs
https://{api-url}/api/v2/tenants/client_7/policies/firstResponse
| Header | Value |
|---|
| Authorization | Bearer {accessToken} |
| Content-type | application/octet-stream |
| Accept | application/octet-stream |
Parameters
| Field | Data Type | Description |
|---|
| name | String | Name of the first response policy. Maximum length: 250 characters. |
| enabled | String | (Optional) State of the first response policy. Default state: true. |
| precedence | Integer | (Optional) Order of execution of the first response policy. |
filterCriteria- filterBased
- matchingType
- rules
- filterType
- entityName
- operator
- entityValue
| Object | (Optional) Values used for filter criteria.- Defines the value used for filterBased. Default Value: False.
- Defines the type of matching results either ANY or ALL.
- Select ANY to match results based on any specified filter criteria.
- Select ALL to match results based on all specified filter criteria.
- By default, the field rules is set to False. Mandatory only when filterBased is TRUE. Values for filterType are either
- native attributes
| dns_name | host_name | alias_name | ip_address | | resource_type | agent_installed | operating_system | make | | model | alert_source | alert_metric | |
or - custom attributes
- Provide custom attribute names defined for client or partner or service provider assigned to the resources.
- Select rules for operator from the following:
| Contains | Not Contains | Equals | Not Equals | | Starts With | Ends With | Regex | Is (yes, no) |
- Value used to compare.
|
| firstResponseType | String | The first response type. Supported value: SUPPRESSION. |
suppression- suppressSeasonalAlerts
- suppressByAttributes
- autoSnooze
- continuousLearning
- trainingFileId
| Object- Boolean
- Boolean
- Boolean
- Boolean
- String
| Used only for suppression type.- Suppress alerts that happen regularly and at the same time approximately.
- Suppress specific alerts.
- Snooze specific alerts for a given time.
- Enable/Disable continuous machine learning.
- ID of the training file. This ID is used only when suppressByAttributes is TRUE.
|
Status code
200 OK
Sample request
{
"name":"Policy1",
"filterCriteria":
{
"filterBased":"true",
"matchingType":"ALL",
"rules":
[
{
"filterType":"native",
"entityName":"host_name",
"operator":"Starts With",
"entityValue":"vm"
}
]
},
"firstResponseType":"SUPPRESSION",
"suppression":
{
"suppressSeasonalAlerts": true,
"suppressByAttributes": true,
"autoSnooze": true,
"continuousLearning": true,
"trainingFileId": "ml_alert_suppression_training"
}
}
Sample response
{
"id": "POLICY-AC-c44f4193-154a-4aa5-b8a9-e5ea5acb386b",
"name": "Policy1",
"enabled": true,
"precedence": 1,
"filterCriteria":
{
"filterBased": true,
"matchingType": "ALL",
"rules":
[
{
"filterType": "nativeAttributes",
"entityName": "host_name",
"operator": "Starts with",
"entityValue": "vm"
}
]
},
"firstResponseType": "SUPPRESSION",
"suppression":
{
"suppressSeasonalAlerts": true,
"suppressByAttributes": true,
"autoSnooze": true,
"continuousLearning": true,
"trainingFileId": "ml_alert_suppression_training"
},
"createdBy":
{
"loginName": "opsramp_api_user",
"lastName": " ",
"firstName": "OpsRamp API User",
"email": "opsAdmin@opsramp.com"
},
"createdTime": "2019-02-27T12:50:44+0000",
"updatedTime": ""
}