Get CAPE Policies
get
/api/event/Policies
Gets the CAPE policies that match the specified parameters. If no parameters are specified, all CAPE policies are returned.
Request
Query Parameters
-
filter: object
The fields to filter the results by. You cannot filter by fields that contain a state.
This parameter's value uses the following JSON format:
{ "property": "property", "value": "propertyValue", "operator": "operator", "conjunction": "conjunction" }
If you use multiple JSON objects to combine filters, for example, to filter by several different device names, you cannot combine OR and AND conjunctions. The conjunction used for the last object applies to the entire list.-
conjunction:
string
Default Value:
ORAllowed Values:[ "AND", "OR" ]The conjunction between filters.Example:AND -
operator:
string
Default Value:
LIKEAllowed Values:[ "eq", "ne", "gte", "gt", "lte", "lt", "LIKE", "NOT LIKE", "re", "not re", "NOT IN" ]The filter operation to use.Example:eq -
property(required):
string
The name of the field to filter on.Example:
name -
value(required):
string
The value of the field to filter on.Example:
test
-
conjunction:
string
-
limit: integer(int32)
The number of records to limit results by. If you do not also set the start parameter, records start at 0.Example:
100 -
sort: object
The field and direction to sort results by. You cannot sort by fields that contain a state.
This parameters value uses the following JSON format: { "property": "property", "direction": "direction" }-
direction(required):
string
Allowed Values:
[ "ASC", "DESC" ]The direction of the sort.Example:ASC -
property(required):
string
The field to sort on.Example:
name
Example:[ { "property":"Name", "direction":"ASC" }, { "property":"Value", "direction":"DESC" } ] -
direction(required):
string
-
start: integer(int32)
The page of results to start from. This parameter is ignored if you do not also set the limit parameter.Default Value:
0Example:1
There's no request body for this operation.
Back to TopResponse
Supported Media Types
- application/json
200 Response
Successful operation
Root Schema : schema
Match All
Show Source
-
object
SuccessfulGetOperation
The response body for a successful get operation.
-
object
type
Nested Schema : SuccessfulGetOperation
Type:
objectThe response body for a successful get operation.
Show Source
-
message: string
The response message.Example:
Loaded 1 entries -
success: boolean
Whether the operation was a success (true) or a failure (false).Example:
true
Nested Schema : type
Type:
Show Source
object-
data: array
data
The list of CAPE policies that match the specified parameters.
-
total: integer
The total number of results regardless of paging.Example:
1
Nested Schema : data
Type:
arrayThe list of CAPE policies that match the specified parameters.
Show Source
Nested Schema : eventPoliciesRead
Type:
Show Source
object-
PolicyDescription: string
CAPE Policy DescriptionExample:
Analytics has found an event that has never happened before or through heuristics has been found as not noise but important. The goal is to increase the severity of the originating event. -
PolicyID: integer
Profile ID specified for individual CRUD operationsExample:
1 -
PolicyName: string
CAPE Policy NameExample:
AbnormalActivity -
PolicyNodeID: integer
The ID of the first node called to process this policy's matching events.Example:
1 -
PolicyNodeName: string
Name of the first node called.Example:
EscalateByAnomaly -
PolicyNodeNameDisplay: string
Name of the first node called.Example:
EscalateByAnomaly -
PolicyPollTime: integer
Interval, in seconds, this policy should run (30 seconds recommended minimum)Example:
30 -
PolicyProcessType: string
Flag to indicate whether events will be processed by each node in a batch, or individually Allowed Values: - 0 => Process Events Individually - 1 => Process Events TogetherExample:
0 -
PolicySelectSQL: string
SQL used to select which events will be processed by this CAPE Policy's node(s)Example:
SELECT * FROM Events WHERE Severity > 1 AND EventType LIKE 'AbnormalActivity-%' -
PolicyStatus: string
Status for the Policy. Status will be Enabled or Disabled.Example:
Enabled -
PolicyStatusIcon: string
CAPE Policy Status Icon. The icon will be "OrbRed.png" or "OrbGreen.png"Example:
OrbGreen.png -
PolicyStatusID: integer
The policy status ID. Either 0 (disabled) or 1 (enabled).Example:
1 -
PolicyZoneID: integer
The device zone ID associated with the policy. 0 is used for "all zones".Example:
0 -
PolicyZoneName: string
The device zone name associated with the policy. It will be null if the zone ID is 0.Example:
oracle.doceng.json.BetterJsonNull@5b977aaa -
PolicyZoneNameDisplay: string
The device zone name associated with the policy. It will be "[All]" if the zone ID is 0.Example:
[All]
Default Response
Failed operation
Root Schema : schema
Type:
Show Source
object-
errors: array
errors
The list of errors reported. Validation errors will be keyed by record field.
-
message: string
The response message.Example:
Exception thrown -
success: boolean
Whether the operation was a success (true) or a failure (false).Example:
false
Nested Schema : errors
Type:
arrayThe list of errors reported. Validation errors will be keyed by record field.
Show Source
-
Array of:
object items
An error.
Nested Schema : items
Type:
objectAn error.