List Alert Rules V2

GET 
/v2/alert/rule

Returns all alert rules you have permission to see based on your role. The data returned does not include an open alerts count.

This request does not return a populated alertRuleNotificationConfig property in the response object. Use Get Alert Rule by ID
to retrieve a response that includes a populated alertRuleNotificationConfig property.

Request

Query Parameters

enabled boolean

Process only enabled alert rules

Responses

200

successful operation

application/json; charset=UTF-8

Schema

Schema

• Array [
alertRuleNotificationConfig object[]
List of data for notifications to third-party tools
Array [
dayOfMonth int32
Day of month
daysOfWeek object[]
Days of week
Array [
day string
Possible values: [SU, MO, TU, WE, TH, FR, SA]
offset int32
]
detailedReport boolean
Provide csv detailed report
enabled boolean
Scan enabled
frequency string
Possible values: [as_it_happens, daily, weekly, monthly]
frequencyFromRRule string
Frequency from RRule
hourOfDay int32
Hour of day
id string
Alert rule notification config ID
includeRemediation boolean
Include remediation in detailed report
lastUpdated int64
Last Updated
last_sent_ts int64
Time of last notification in milliseconds
recipients string[]
• For email notifications: List of unique email addresses to notify
• For integrations without notification templates: List of integration ids
• For integrations with notification templates: List of notification template ids
rruleSchedule string
templateId string
Template ID
timezone string
Java time zone ID (e.g. America/Los_Angeles)
type string
Possible values: [email, slack, splunk, amazon_sqs, jira, microsoft_teams, webhook, aws_security_hub, google_cscc, service_now, pager_duty, azure_service_bus_queue, demisto, aws_s3, snowflake]
Integration type
withCompression boolean
Compress detailed report
]
allowAutoRemediate boolean

Allow Auto-Remediation

delayNotificationMs int64

Delay notifications by the specified milliseconds

description string

Rule/Scan description

enabled boolean

Rule/Scan is enabled

lastModifiedBy string

Last modified by

lastModifiedOn int64

Last modified on this date/time in milliseconds

name stringrequired

Rule/Scan name

notificationChannels string[]

List of notification channels

notifyOnDismissed boolean

include dismissed alerts in notification

notifyOnOpen boolean

include open alerts in notification

notifyOnResolved boolean

include resolved alerts in notification

notifyOnSnoozed boolean

include snoozed alerts in notification

openAlertsCount int32

Open alerts count (Deprecated - will be removed soon)

owner string

Customer

policies string[]

List of specific policies to scan

policyLabels string[]

Policy labels

policyScanConfigId string

Policy Scan Config ID

readOnly boolean

Model is read-only

scanAll boolean

Scan all policies

target objectrequired
Model for Target Filter
accountGroups string[]
List of Account group(s)
alertRulePolicyFilter object
Model for Alert Rule Policy Filter
availablePolicyFilters string[]
List of available Alert Rule Policy Filters
cloud.type string[]
Possible values: [ALL, AWS, AZURE, GCP, ALIBABA_CLOUD, OCI, IBM]
Cloud Type Filter
policy.complianceStandard string[]
Compliance Standard Filter
policy.label string[]
Policy Label Filter
policy.severity string[]
Policy Severity Filter
excludedAccounts string[]
List of excluded accounts
includedResourceLists object
Model for holding the lists resource list ids by resource list type
computeAccessGroupIds string[]
regions string[]
List of regions for which alerts will be triggered for account groups. Alerts not associated with specific regions will be triggered regardless of listed regions. If no regions are specified, then the alerts will be triggered for all regions.
tags object[]
List of TargetTag models (resource tags) for which alerts should be triggered
Array [
key string
Resource tag target
values string[]
List of value(s) for resource tag key
]
• ]

Example (from schema)

[
  {
    "alertRuleNotificationConfig": [
      {
        "dayOfMonth": 0,
        "daysOfWeek": [
          {
            "day": "SU",
            "offset": 0
          }
        ],
        "detailedReport": true,
        "enabled": true,
        "frequency": "as_it_happens",
        "frequencyFromRRule": "string",
        "hourOfDay": 0,
        "id": "string",
        "includeRemediation": true,
        "lastUpdated": 0,
        "last_sent_ts": 0,
        "recipients": [
          "string"
        ],
        "rruleSchedule": "string",
        "templateId": "string",
        "timezone": "string",
        "type": "email",
        "withCompression": true
      }
    ],
    "allowAutoRemediate": true,
    "delayNotificationMs": 0,
    "description": "string",
    "enabled": true,
    "lastModifiedBy": "string",
    "lastModifiedOn": 0,
    "name": "string",
    "notificationChannels": [
      "string"
    ],
    "notifyOnDismissed": true,
    "notifyOnOpen": true,
    "notifyOnResolved": true,
    "notifyOnSnoozed": true,
    "openAlertsCount": 0,
    "owner": "string",
    "policies": [
      "string"
    ],
    "policyLabels": [
      "string"
    ],
    "policyScanConfigId": "string",
    "readOnly": true,
    "scanAll": true,
    "target": {
      "accountGroups": [
        "string"
      ],
      "alertRulePolicyFilter": {
        "availablePolicyFilters": [
          "string"
        ],
        "cloud.type": [
          "ALL"
        ],
        "policy.complianceStandard": [
          "string"
        ],
        "policy.label": [
          "string"
        ],
        "policy.severity": [
          "string"
        ]
      },
      "excludedAccounts": [
        "string"
      ],
      "includedResourceLists": {
        "computeAccessGroupIds": [
          "string"
        ]
      },
      "regions": [
        "string"
      ],
      "tags": [
        {
          "key": "string",
          "values": [
            "string"
          ]
        }
      ]
    }
  }
]

Loading...