REST API for Unified Assurance Core

Create an Event Watcher Policy

post

/api/event/WatcherPolicies

Creates a new event watcher policy.
Because event watcher policies are stored in the database with a specific user ID, and externally-authenticated transient users do not have Unified Assurance user IDs, transient users cannot create event watcher policies.
The minimum required properties in the request body are:

PolicyName
PolicyDescription
PolicyPollTime
PolicyStatusID
PolicyThresholdMetric
PolicyThresholdField
PolicyThresholdOperatorID
PolicyThresholdValue
ActionType
PolicyEventID
SearchType
PolicyGrouping

Request

There are no request parameters for this operation.

Supported Media Types

application/json

Root Schema : schema

Type: object

Show Source

EmailAddresses: string

Comma-separated list of notification recipients.

Example:
NotificationProfileID: integer

ID of the notification profile.

Example: 0
NotificationTemplateID: integer

ID of the notification template.

Example: 0
PolicyDescription: string

Event Watcher Policy Description

Example: For any Login Failures by Node in the last 15 mins If any login failures occur and the Sum of Count >= 3, create this event.
PolicyEventID: integer

The ID of the Meta Event that should be dispatched if the threshold condition is met for the filtered metrics

Example: 3
PolicyFilter: string

SQL used to select which events will be processed by this CAPE Policy's node(s)

Example: (EventType = 'LoginLogout' AND Severity > 1 AND LastReported > (UNIX_TIMESTAMP() - 900))
PolicyGrouping: string

A SQL "GROUP BY" clause that allows the filtered metrics to be grouped. Valid format is empty or a comma-delimited list of one or more Event.Events field names

Example: Node
PolicyName: string

The event watcher policy name.
To avoid confusion with numeric IDs, the name value cannot be integers only or integers prefixed with the + or - symbols only. It must contain letters or other characters. For example, 1234, +1234, and -1234 are not valid, but US1234, US+1234 and US_1234 are.

Example: Login failure x3
PolicyPollTime: integer

How often, in seconds, should this policy be checked

Example: 900
PolicyStatusID: integer

The event watcher policy status ID. Either 0 (disabled) or 1 (enabled).

Example: 0
PolicyThresholdField: string

Field from Event.Events DB table to use in threshold calculation. Value must be a field in Events. The Threshold condition is formulated as 'if ($PolicyThresholdMetric($PolicyThresholdField) $PolicyThresholdOperatorID $PolicyThresholdValue)'

Example: Count
PolicyThresholdMetric: string

SQL Function applied to $PolicyThresholdField and compared with the $PolicyThresholdOperatorID operator against $PolicyThresholdValue The Threshold condition is formulated as 'if ($PolicyThresholdMetric($PolicyThresholdField) $PolicyThresholdOperatorID $PolicyThresholdValue)' Allowed Values: - count - sum - max - min - avg

Example: sum
PolicyThresholdOperatorID: integer

The OperatorID of the threshold calculation The Threshold condition is formulated as 'if ($PolicyThresholdMetric($PolicyThresholdField) $PolicyThresholdOperatorID $PolicyThresholdValue)' Allowed Values: - 0 => = - 1 => > - 2 => >= - 3 => < - 4 => <= 5 -> !=

Example: 2
PolicyThresholdValue: number

The numeric value used in the threshold condition. The Threshold condition is formulated as 'if ($PolicyThresholdMetric($PolicyThresholdField) $PolicyThresholdOperatorID $PolicyThresholdValue)'

Example: 3

{
    "type":"object",
    "properties":{
        "PolicyName":{
            "description":"The event watcher policy name. <br>To avoid confusion with numeric IDs, the name value cannot be integers only or integers prefixed with the + or - symbols only. It must contain letters or other characters. For example, <b>1234</b>, <b>+1234</b>, and <b>-1234</b> are not valid, but <b>US1234</b>, <b>US+1234</b> and <b>US_1234</b> are.",
            "type":"string",
            "example":"Login failure x3"
        },
        "PolicyStatusID":{
            "$ref":"#/components/schemas/eventWatcherPoliciesRead/properties/PolicyStatusID"
        },
        "PolicyPollTime":{
            "$ref":"#/components/schemas/eventWatcherPoliciesRead/properties/PolicyPollTime"
        },
        "PolicyDescription":{
            "$ref":"#/components/schemas/eventWatcherPoliciesRead/properties/PolicyDescription"
        },
        "PolicyGrouping":{
            "$ref":"#/components/schemas/eventWatcherPoliciesRead/properties/PolicyGrouping"
        },
        "PolicyFilter":{
            "$ref":"#/components/schemas/eventWatcherPoliciesRead/properties/PolicyFilter"
        },
        "PolicyThresholdMetric":{
            "$ref":"#/components/schemas/eventWatcherPoliciesRead/properties/PolicyThresholdMetric"
        },
        "PolicyThresholdField":{
            "$ref":"#/components/schemas/eventWatcherPoliciesRead/properties/PolicyThresholdField"
        },
        "PolicyThresholdOperatorID":{
            "$ref":"#/components/schemas/eventWatcherPoliciesRead/properties/PolicyThresholdOperatorID"
        },
        "PolicyThresholdValue":{
            "$ref":"#/components/schemas/eventWatcherPoliciesRead/properties/PolicyThresholdValue"
        },
        "PolicyEventID":{
            "$ref":"#/components/schemas/eventWatcherPoliciesRead/properties/PolicyEventID"
        },
        "NotificationTemplateID":{
            "$ref":"#/components/schemas/eventWatcherPoliciesRead/properties/NotificationTemplateID"
        },
        "NotificationProfileID":{
            "$ref":"#/components/schemas/eventWatcherPoliciesRead/properties/NotificationProfileID"
        },
        "EmailAddresses":{
            "$ref":"#/components/schemas/eventWatcherPoliciesRead/properties/EmailAddresses"
        }
    }
}

Response

Supported Media Types

application/json

200 Response

Successful operation

Root Schema : schema

Match All

Show Source

object SuccessfulAddOperation

The response body for a successful add operation.
object type

{
    "allOf":[
        {
            "$ref":"#/components/schemas/SuccessfulAddOperation"
        },
        {
            "type":"object",
            "properties":{
                "data":{
                    "description":"The properties of the new event watcher policy.",
                    "type":"array",
                    "items":{
                        "$ref":"#/components/schemas/eventWatcherPoliciesRead"
                    }
                },
                "total":{
                    "description":"The total number of results regardless of paging.",
                    "type":"integer",
                    "example":"1"
                }
            }
        }
    ]
}

Nested Schema : SuccessfulAddOperation

Type: object

The response body for a successful add operation.

Show Source

message: string

The response message.

Example: Added record
success: boolean

Whether the operation was a success (true) or a failure (false).

Example: true

{
    "description":"The response body for a successful add operation.",
    "properties":{
        "success":{
            "description":"Whether the operation was a success (<b>true</b>) or a failure (<b>false</b>).",
            "type":"boolean",
            "example":"true"
        },
        "message":{
            "description":"The response message.",
            "type":"string",
            "example":"Added record"
        }
    },
    "type":"object"
}

Nested Schema : type

Type: object

Show Source

data: array data

The properties of the new event watcher policy.
total: integer

The total number of results regardless of paging.

Example: 1

{
    "type":"object",
    "properties":{
        "data":{
            "description":"The properties of the new event watcher policy.",
            "type":"array",
            "items":{
                "$ref":"#/components/schemas/eventWatcherPoliciesRead"
            }
        },
        "total":{
            "description":"The total number of results regardless of paging.",
            "type":"integer",
            "example":"1"
        }
    }
}

Nested Schema : data

Type: array

The properties of the new event watcher policy.

Show Source

Array of: object eventWatcherPoliciesRead

{
    "description":"The properties of the new event watcher policy.",
    "type":"array",
    "items":{
        "$ref":"#/components/schemas/eventWatcherPoliciesRead"
    }
}

Nested Schema : eventWatcherPoliciesRead

Type: object

Show Source

ActionType: string

Indicates which type of action to take when a threshold is crossed. - event => Meta Event - notification => Notification profile

Example: event
EmailAddresses: string

Comma-separated list of notification recipients.

Example:
Filters: array Filters

List of Filters with the Watcher
NotificationProfileID: integer

ID of the notification profile.

Example: 0
NotificationProfileName: string

Notification Profile Name

Example: oracle.doceng.json.BetterJsonNull@3aec2f59
NotificationTemplateID: integer

ID of the notification template.

Example: 0
NotificationTemplateName: string

Notification Template Name

Example: oracle.doceng.json.BetterJsonNull@fefd4a2
PolicyAction: string

Action associated with the Policy

Example: Meta Event: Login Failure x3
PolicyAuthor: string

Policy Author

Example: Administrator
PolicyDescription: string

Event Watcher Policy Description

Example: For any Login Failures by Node in the last 15 mins If any login failures occur and the Sum of Count >= 3, create this event.
PolicyEventID: integer

The ID of the Meta Event that should be dispatched if the threshold condition is met for the filtered metrics

Example: 3
PolicyEventName: string

The Name of the Meta Event that should be dispatched if the threshold condition is met for the filtered metrics

Example: Login Failure x3
PolicyFilter: string

SQL used to select which events will be processed by this CAPE Policy's node(s)

Example: (EventType = 'LoginLogout' AND Severity > 1 AND LastReported > (UNIX_TIMESTAMP() - 900))
PolicyGrouping: string

A SQL "GROUP BY" clause that allows the filtered metrics to be grouped. Valid format is empty or a comma-delimited list of one or more Event.Events field names

Example: Node
PolicyID: integer

Policy ID specified for individual CRUD operations

Example: 2
PolicyName: string

Event Watcher Policy Name

Example: Login Failure x3
PolicyPollTime: integer

How often, in seconds, should this policy be checked

Example: 900
PolicyStatus: string

Event Watcher Policy Status

Example: Disabled
PolicyStatusIcon: string

Event Watcher Policy Status Icon

Example: OrbRed.png
PolicyStatusID: integer

The event watcher policy status ID. Either 0 (disabled) or 1 (enabled).

Example: 0
PolicyThreshold: string

Overall threshold operation

Example: sum(Count) >= 3
PolicyThresholdField: string

Field from Event.Events DB table to use in threshold calculation. Value must be a field in Events. The Threshold condition is formulated as 'if ($PolicyThresholdMetric($PolicyThresholdField) $PolicyThresholdOperatorID $PolicyThresholdValue)'

Example: Count
PolicyThresholdMetric: string

SQL Function applied to $PolicyThresholdField and compared with the $PolicyThresholdOperatorID operator against $PolicyThresholdValue The Threshold condition is formulated as 'if ($PolicyThresholdMetric($PolicyThresholdField) $PolicyThresholdOperatorID $PolicyThresholdValue)' Allowed Values: - count - sum - max - min - avg

Example: sum
PolicyThresholdOperatorID: integer

The OperatorID of the threshold calculation The Threshold condition is formulated as 'if ($PolicyThresholdMetric($PolicyThresholdField) $PolicyThresholdOperatorID $PolicyThresholdValue)' Allowed Values: - 0 => = - 1 => > - 2 => >= - 3 => < - 4 => <= 5 -> !=

Example: 2
PolicyThresholdValue: number

The numeric value used in the threshold condition. The Threshold condition is formulated as 'if ($PolicyThresholdMetric($PolicyThresholdField) $PolicyThresholdOperatorID $PolicyThresholdValue)'

Example: 3
SearchType: string

Indicates which type of search - field => Guided - sql => Manual SQL

Example: sql

{
    "type":"object",
    "properties":{
        "PolicyID":{
            "description":"Policy ID specified for individual CRUD operations",
            "type":"integer",
            "example":"2"
        },
        "PolicyStatusIcon":{
            "description":"Event Watcher Policy Status Icon",
            "type":"string",
            "example":"OrbRed.png"
        },
        "PolicyStatus":{
            "description":"Event Watcher Policy Status",
            "type":"string",
            "example":"Disabled"
        },
        "PolicyName":{
            "description":"Event Watcher Policy Name",
            "type":"string",
            "example":"Login Failure x3"
        },
        "PolicyPollTime":{
            "description":"How often, in seconds, should this policy be checked",
            "type":"integer",
            "example":"900"
        },
        "PolicyThresholdMetric":{
            "description":"SQL Function applied to $PolicyThresholdField and compared with the $PolicyThresholdOperatorID operator against $PolicyThresholdValue\n\nThe Threshold condition is formulated as 'if ($PolicyThresholdMetric($PolicyThresholdField) $PolicyThresholdOperatorID $PolicyThresholdValue)'\n\nAllowed Values:\n-  count\n-  sum\n-  max\n-  min\n-  avg",
            "type":"string",
            "example":"sum"
        },
        "PolicyThresholdField":{
            "description":"Field from Event.Events DB table to use in threshold calculation.  Value must be a field in Events.\n\nThe Threshold condition is formulated as 'if ($PolicyThresholdMetric($PolicyThresholdField) $PolicyThresholdOperatorID $PolicyThresholdValue)'",
            "type":"string",
            "example":"Count"
        },
        "PolicyThresholdOperatorID":{
            "description":"The OperatorID of the threshold calculation\n\nThe Threshold condition is formulated as 'if ($PolicyThresholdMetric($PolicyThresholdField) $PolicyThresholdOperatorID $PolicyThresholdValue)'\n\nAllowed Values:\n-  0 => =\n-  1 => >\n-  2 => >=\n-  3 => <\n-  4 => <=\n-  5 => !=",
            "type":"integer",
            "example":"2"
        },
        "PolicyThresholdValue":{
            "description":"The numeric value used in the threshold condition.\n\nThe Threshold condition is formulated as 'if ($PolicyThresholdMetric($PolicyThresholdField) $PolicyThresholdOperatorID $PolicyThresholdValue)'",
            "type":"number",
            "example":"3"
        },
        "PolicyAuthor":{
            "description":"Policy Author",
            "type":"string",
            "example":"Administrator"
        },
        "PolicyStatusID":{
            "description":"The event watcher policy status ID. Either <b>0</b> (disabled) or <b>1</b> (enabled).",
            "type":"integer",
            "example":"0"
        },
        "PolicyDescription":{
            "description":"Event Watcher Policy Description",
            "type":"string",
            "example":"For any Login Failures by Node in the last 15 mins\r\n\r\nIf any login failures occur and the Sum of Count >= 3, create this event."
        },
        "PolicyFilter":{
            "description":"SQL used to select which events will be processed by this CAPE Policy's node(s)",
            "type":"string",
            "example":"(EventType = 'LoginLogout' AND Severity > 1 AND LastReported > (UNIX_TIMESTAMP() - 900))"
        },
        "PolicyGrouping":{
            "description":"A SQL \"GROUP BY\" clause that allows the filtered metrics to be grouped.  Valid format is empty or a comma-delimited list of one or more Event.Events field names",
            "type":"string",
            "example":"Node"
        },
        "PolicyEventID":{
            "description":"The ID of the Meta Event that should be dispatched if the threshold condition is met for the filtered metrics",
            "type":"integer",
            "example":"3"
        },
        "PolicyEventName":{
            "description":"The Name of the Meta Event that should be dispatched if the threshold condition is met for the filtered metrics",
            "type":"string",
            "example":"Login Failure x3"
        },
        "NotificationProfileID":{
            "description":"ID of the notification profile.",
            "type":"integer",
            "example":"0"
        },
        "NotificationTemplateID":{
            "description":"ID of the notification template.",
            "type":"integer",
            "example":"0"
        },
        "EmailAddresses":{
            "description":"Comma-separated list of notification recipients.",
            "type":"string",
            "example":""
        },
        "NotificationProfileName":{
            "description":"Notification Profile Name",
            "type":"string",
            "example":null
        },
        "NotificationTemplateName":{
            "description":"Notification Template Name",
            "type":"string",
            "example":null
        },
        "ActionType":{
            "description":"Indicates which type of action to take when a threshold is crossed.\n\n- event        => Meta Event\n- notification => Notification profile",
            "type":"string",
            "example":"event"
        },
        "SearchType":{
            "description":"Indicates which type of search\n\n- field => Guided\n- sql   => Manual SQL",
            "type":"string",
            "example":"sql"
        },
        "PolicyAction":{
            "description":"Action associated with the Policy",
            "type":"string",
            "example":"Meta Event: Login Failure x3"
        },
        "Filters":{
            "description":"List of Filters with the Watcher",
            "type":"array",
            "items":{
                "type":"object",
                "properties":{
                    "FieldName":{
                        "example":"Ack"
                    },
                    "Expression":{
                        "example":"0"
                    },
                    "FieldValue":{
                        "example":""
                    }
                }
            },
            "example":[
                {
                    "FieldName":"Ack",
                    "Expression":"0",
                    "FieldValue":""
                },
                {
                    "FieldName":"Action",
                    "Expression":"0",
                    "FieldValue":""
                },
                {
                    "FieldName":"Actor",
                    "Expression":"0",
                    "FieldValue":""
                }
            ]
        },
        "PolicyThreshold":{
            "description":"Overall threshold operation",
            "type":"string",
            "example":"sum(Count) >= 3"
        }
    }
}

Nested Schema : Filters

Type: array

List of Filters with the Watcher

Show Source

Array of: object items

{
    "description":"List of Filters with the Watcher",
    "type":"array",
    "items":{
        "type":"object",
        "properties":{
            "FieldName":{
                "example":"Ack"
            },
            "Expression":{
                "example":"0"
            },
            "FieldValue":{
                "example":""
            }
        }
    },
    "example":[
        {
            "FieldName":"Ack",
            "Expression":"0",
            "FieldValue":""
        },
        {
            "FieldName":"Action",
            "Expression":"0",
            "FieldValue":""
        },
        {
            "FieldName":"Actor",
            "Expression":"0",
            "FieldValue":""
        }
    ]
}

Example:

[
    {
        "FieldName":"Ack",
        "Expression":"0",
        "FieldValue":""
    },
    {
        "FieldName":"Action",
        "Expression":"0",
        "FieldValue":""
    },
    {
        "FieldName":"Actor",
        "Expression":"0",
        "FieldValue":""
    }
]

Nested Schema : items

Type: object

Show Source

Expression:

Example: 0
FieldName:

Example: Ack
FieldValue:

Example:

{
    "type":"object",
    "properties":{
        "FieldName":{
            "example":"Ack"
        },
        "Expression":{
            "example":"0"
        },
        "FieldValue":{
            "example":""
        }
    }
}

Default Response

Failed operation

Root Schema : schema

Type: object

Show Source

errors: array errors

The list of errors reported. Validation errors will be keyed by record field.
message: string

The response message.

Example: Exception thrown
success: boolean

Whether the operation was a success (true) or a failure (false).

Example: false

{
    "properties":{
        "success":{
            "description":"Whether the operation was a success (<b>true</b>) or a failure (<b>false</b>).",
            "type":"boolean",
            "example":"false"
        },
        "message":{
            "description":"The response message.",
            "type":"string",
            "example":"Exception thrown"
        },
        "errors":{
            "description":"The list of errors reported. Validation errors will be keyed by record field.",
            "type":"array",
            "items":{
                "description":"An error.",
                "type":"object"
            }
        }
    },
    "type":"object"
}

Nested Schema : errors

Type: array

The list of errors reported. Validation errors will be keyed by record field.

Show Source

Array of: object items

An error.

{
    "description":"The list of errors reported. Validation errors will be keyed by record field.",
    "type":"array",
    "items":{
        "description":"An error.",
        "type":"object"
    }
}

Nested Schema : items

Type: object

An error.