Go 创建一条告警规则，告警规则所属的管道ID为772fb35b-83bc-46c9-a0b1-ebe31070a889，告警规则名称为Alert rule，查询类型为SQL，状态为启用。 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 package main import ( "fmt" "github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic" secmaster "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/secmaster/v2" "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/secmaster/v2/model" region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/secmaster/v2/region" ) func main() { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak := os.Getenv("CLOUD_SDK_AK") sk := os.Getenv("CLOUD_SDK_SK") auth := basic.NewCredentialsBuilder(). WithAk(ak). WithSk(sk). Build() client := secmaster.NewSecMasterClient( secmaster.SecMasterClientBuilder(). WithRegion(region.ValueOf("cn-north-4")). WithCredential(auth). Build()) request := &model.CreateAlertRuleRequest{} modeTriggers:= model.GetAlertRuleTriggerModeEnum().COUNT operatorTriggers:= model.GetAlertRuleTriggerOperatorEnum().GT severityTriggers:= model.GetAlertRuleTriggerSeverityEnum().TIPS var listTriggersbody = []model.AlertRuleTrigger{ { Mode: &modeTriggers, Operator: &operatorTriggers, Expression: "10", Severity: &severityTriggers, }, } delayIntervalSchedule:= int32(2) overtimeIntervalSchedule:= int32(10) schedulebody := &model.Schedule{ FrequencyInterval: int32(5), FrequencyUnit: model.GetScheduleFrequencyUnitEnum().MINUTE, PeriodInterval: int32(5), PeriodUnit: model.GetSchedulePeriodUnitEnum().MINUTE, DelayInterval: &delayIntervalSchedule, OvertimeInterval: &overtimeIntervalSchedule, } var listCustomPropertiesbody = map[string]string{ "references": "https://localhost/references", "maintainer": "isap", } suspressionCreateAlertRuleRequestBody:= true eventGroupingCreateAlertRuleRequestBody:= true severityCreateAlertRuleRequestBody:= model.GetCreateAlertRuleRequestBodySeverityEnum().TIPS statusCreateAlertRuleRequestBody:= model.GetCreateAlertRuleRequestBodyStatusEnum().ENABLED queryTypeCreateAlertRuleRequestBody:= model.GetCreateAlertRuleRequestBodyQueryTypeEnum().SQL descriptionCreateAlertRuleRequestBody:= "An alert rule" request.Body = &model.CreateAlertRuleRequestBody{ Triggers: listTriggersbody, Schedule: schedulebody, Suspression: &suspressionCreateAlertRuleRequestBody, EventGrouping: &eventGroupingCreateAlertRuleRequestBody, CustomProperties: listCustomPropertiesbody, Severity: &severityCreateAlertRuleRequestBody, Status: &statusCreateAlertRuleRequestBody, QueryType: &queryTypeCreateAlertRuleRequestBody, Query: "* | select status, count(*) as count group by status", Description: &descriptionCreateAlertRuleRequestBody, RuleName: "Alert rule", PipeId: "772fb35b-83bc-46c9-a0b1-ebe31070a889", } response, err := client.CreateAlertRule(request) if err == nil { fmt.Printf("%+v\n", response) } else { fmt.Println(err) } }

URI POST /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules 表1 路径参数 参数 是否必选 参数类型 描述 project_id 是 String 项目 ID。Project ID. 最小长度：32 最大长度：36 workspace_id 是 String 工作空间 ID。Workspace ID. 最小长度：32 最大长度：36

Python 创建一条告警规则，告警规则所属的管道ID为772fb35b-83bc-46c9-a0b1-ebe31070a889，告警规则名称为Alert rule，查询类型为SQL，状态为启用。 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 # coding: utf-8 from huaweicloudsdkcore.auth.credentials import BasicCredentials from huaweicloudsdksecmaster.v2.region.secmaster_region import SecMasterRegion from huaweicloudsdkcore.exceptions import exceptions from huaweicloudsdksecmaster.v2 import * if __name__ == "__main__": # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak = os.getenv("CLOUD_SDK_AK") sk = os.getenv("CLOUD_SDK_SK") credentials = BasicCredentials(ak, sk) \ client = SecMasterClient.new_builder() \ .with_credentials(credentials) \ .with_region(SecMasterRegion.value_of("cn-north-4")) \ .build() try: request = CreateAlertRuleRequest() listTriggersbody = [ AlertRuleTrigger( mode="COUNT", operator="GT", expression="10", severity="TIPS" ) ] schedulebody = Schedule( frequency_interval=5, frequency_unit="MINUTE", period_interval=5, period_unit="MINUTE", delay_interval=2, overtime_interval=10 ) listCustomPropertiesbody = { "references": "https://localhost/references", "maintainer": "isap" } request.body = CreateAlertRuleRequestBody( triggers=listTriggersbody, schedule=schedulebody, suspression=True, event_grouping=True, custom_properties=listCustomPropertiesbody, severity="TIPS", status="ENABLED", query_type="SQL", query="* | select status, count(*) as count group by status", description="An alert rule", rule_name="Alert rule", pipe_id="772fb35b-83bc-46c9-a0b1-ebe31070a889" ) response = client.create_alert_rule(request) print(response) except exceptions.ClientRequestException as e: print(e.status_code) print(e.request_id) print(e.error_code) print(e.error_msg)

请求示例 创建一条告警规则，告警规则所属的管道ID为772fb35b-83bc-46c9-a0b1-ebe31070a889，告警规则名称为Alert rule，查询类型为SQL，状态为启用。 { "pipe_id" : "772fb35b-83bc-46c9-a0b1-ebe31070a889", "rule_name" : "Alert rule", "description" : "An alert rule", "query" : "* | select status, count(*) as count group by status", "query_type" : "SQL", "status" : "ENABLED", "severity" : "TIPS", "custom_properties" : { "references" : "https://localhost/references", "maintainer" : "isap" }, "event_grouping" : true, "suspression" : true, "schedule" : { "frequency_interval" : 5, "frequency_unit" : "MINUTE", "period_interval" : 5, "period_unit" : "MINUTE", "delay_interval" : 2, "overtime_interval" : 10 }, "triggers" : [ { "mode" : "COUNT", "operator" : "GT", "expression" : 10, "severity" : "TIPS" } ] }

响应示例 状态码： 200 Success { "rule_id" : "443a0117-1aa4-4595-ad4a-796fad4d4950", "pipe_id" : "772fb35b-83bc-46c9-a0b1-ebe31070a889", "create_by" : "582dd19dd99d4505a1d7929dc943b169", "create_time" : 1665221214, "update_by" : "582dd19dd99d4505a1d7929dc943b169", "update_time" : 1665221214, "delete_time" : 0, "rule_name" : "Alert rule", "query" : "* | select status, count(*) as count group by status", "query_type" : "SQL", "status" : "ENABLED", "severity" : "TIPS", "custom_properties" : { "references" : "https://localhost/references", "maintainer" : "isap" }, "event_grouping" : true, "schedule" : { "frequency_interval" : 5, "frequency_unit" : "MINUTE", "period_interval" : 5, "period_unit" : "MINUTE", "delay_interval" : 2, "overtime_interval" : 10 }, "triggers" : [ { "mode" : "COUNT", "operator" : "GT", "expression" : 10, "severity" : "TIPS" } ] }

请求参数 表2 请求Header参数 参数 是否必选 参数类型 描述 X-Auth-Token 是 String IAM token 最小长度：1 最大长度：2097152 表3 请求Body参数 参数 是否必选 参数类型 描述 pipe_id 是 String pipe_id 最小长度：36 最大长度：36 query 是 String query 最小长度：1 最大长度：1024 query_type 否 String query_type. SQL, CBSL. 缺省值：SQL 最小长度：1 最大长度：255 枚举值： SQL CBSL from 是 Long from 最小值：0 最大值：9223372036854775807 to 是 Long from 最小值：0 最大值：9223372036854775807 event_grouping 否 Boolean event_grouping 缺省值：true triggers 是 Array of AlertRuleTrigger objects triggers 表4 AlertRuleTrigger 参数 是否必选 参数类型 描述 mode 否 String mode. COUNT. 缺省值：COUNT 最小长度：1 最大长度：255 枚举值： COUNT operator 否 String operator. EQ equal, NE not equal, GT greater than, LT less than. 缺省值：GT 最小长度：1 最大长度：255 枚举值： EQ NE GT LT expression 是 String expression 最小长度：1 最大长度：255 severity 否 String severity. TIPS, LOW, MEDIUM, HIGH, FATAL 最小长度：1 最大长度：255 枚举值： TIPS LOW MEDIUM HIGH FATAL accumulated_times 否 Integer accumulated_times 最小值：1 最大值：1000 缺省值：1

请求示例 { "pipe_id" : "ead2769b-afb0-45dd-b9fa-a2953e6ac82f", "query" : "* | select status, count(*) as count group by status", "query_type" : "SQL", "event_grouping" : true, "from" : 1665221214000, "to" : 1665546370000, "triggers" : [ { "mode" : "COUNT", "operator" : "GT", "expression" : 10, "severity" : "TIPS", "accumulated_times" : 1 } ]}

响应参数 状态码： 200 表5 响应Header参数 参数 参数类型 描述 X-request-id String This field is the request ID number for task tracking. Format is request_uuid-timestamp-hostname. 表6 响应Body参数 参数 参数类型 描述 alert_count Integer alert_count 最小值：0 最大值：100 severity String severity. TIPS, LOW, MEDIUM, HIGH, FATAL 最小长度：1 最大长度：64 状态码： 400 表7 响应Header参数 参数 参数类型 描述 X-request-id String This field is the request ID number for task tracking. Format is request_uuid-timestamp-hostname.

URI POST /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules/simulation 表1 路径参数 参数 是否必选 参数类型 描述 project_id 是 String project_id 最小长度：32 最大长度：36 workspace_id 是 String workspace_id 最小长度：32 最大长度：36