Create v2¶
POST /api/v1/alert_policy/add_v2
Overview¶
Create an alert strategy, v2 supports synchronous updates of associated monitors/intelligent monitors/intelligent inspections/slo, security monitoring
Body Request Parameters¶
| Parameter Name | Type | Required | Description |
|---|---|---|---|
| name | string | Y | Alert strategy name Allow null: False |
| desc | string | Description Allow null: False Allow empty string: True Maximum length: 256 |
|
| openPermissionSet | boolean | Enable custom permission configuration, (default false:not enabled), if enabled the operation permissions for this rule will be based on permissionSet Allow null: False |
|
| permissionSet | array | Operation permission configuration, can configure (roles(except owner), member UUIDs, team UUIDs) Example: ['wsAdmin', 'acnt_xxxx', 'group_yyyy'] Allow null: False |
|
| checkerUUIDs | array | Monitor/intelligent monitor/intelligent inspection/slo UUID (added in iteration on 2024-12-11) Example: ['rule_xxx', 'monitor_xxx'] Allow null: False |
|
| securityRuleUUIDs | array | Security monitoring(cspm, siem) UUID Example: ['srul_xxx', 'srul_xxx', 'srul_xxx'] Allow null: False |
|
| ruleTimezone | str | Y | Alert strategy timezone Example: Asia/Shanghai Allow null: False |
| alertOpt | json | Alert settings Allow null: False |
|
| alertOpt.aggType | string | Alert aggregation type, if this field is not passed, it defaults to old version logic added in iteration on 2024-12-25 Allow null: True Optional values: ['byFields', 'byCluster', 'byAI'] |
|
| alertOpt.alertType | string | Alert strategy notification type, level(status)/member(member), default is level Allow null: False Optional values: ['status', 'member'] |
|
| alertOpt.alertTarget | array | Trigger action, note handling of trigger time Example: [{'name': 'Notification Configuration 1', 'targets': [{'to': ['acnt_xxxx32'], 'status': 'critical', 'tags': {'pod_name': ['coredns-7769b554cf-w95fk']}, 'upgradeTargets': [{'to': ['acnt_xxxx32'], 'duration': 600}, {'to': ['group_xxxx32'], 'duration': 6000}]}], 'crontabDuration': 600, 'crontab': '0 9 * * 0,1,2,3,4'}, {'name': 'Notification Configuration 2', 'targets': [{'status': 'error', 'to': ['group_xxxx32'], 'upgradeTargets': [{'to': ['acnt_xxxx32'], 'duration': 600}, {'to': ['group_xxxx32'], 'duration': 6000}]}], 'customDateUUIDs': ['ndate_xxxx32'], 'customStartTime': '09:30:10', 'crontabDuration': 600}] Allow null: False |
|
| alertOpt.silentTimeout | integer | Y | Alert settings Allow null: False |
| alertOpt.aggInterval | integer | Y | Alert aggregation interval, unit seconds, 0 means no aggregation Allow null: False $minValue: 0 $maxValue: 1800 |
| alertOpt.aggFields | array | Aggregation field list, keep empty list [] represents "Aggregation Rule: All", df_monitor_checker_id: monitor/intelligent inspection/SLO, df_dimension_tags: detection dimension, df_label: label, CLUSTER: intelligent aggregation Example: ['CLUSTER'] Allow null: False |
|
| alertOpt.aggLabels | array | Label value list when aggregating by label, only takes effect if df_label is specified in aggFields Allow null: False |
|
| alertOpt.aggClusterFields | array | Field list when aggregating intelligently, only takes effect if CLUSTER is specified in aggFields, optional values "df_title": title, "df_message": content Example: ['df_title'] Allow null: False |
Additional Parameter Explanation¶
Data Explanation.
1. alertOpt Parameter Explanation
| Parameter Name | type | Required | Description |
|---|---|---|---|
| name | string | Required | Rule name |
| desc | string | Description | |
| type | string | Required | Checker type |
| ruleTimezone | string | Required | Alert strategy timezone (added parameter in iteration on 2024-01-31) |
| alertOpt | Dict | Required | Alert settings |
| alertOpt[#].silentTimeout | integer | Required | How long the same alert does not repeat sending alerts (i.e., silence time), unit seconds/s, 0 means permanent |
| alertOpt[#].aggInterval | integer | Alert aggregation interval, unit seconds, 0 means no aggregation, unit seconds/s range[0,1800] | |
| alertOpt[#].aggFields | array | Aggregation field list, keep empty list[] represents "Aggregation Rule: All", df_monitor_checker_id: monitor/intelligent inspection/SLO, df_dimension_tags: detection dimension, df_label: label, CLUSTER: intelligent aggregation | |
| alertOpt[#].aggLabels | array | Label value list when aggregating by label, only takes effect if df_label is specified in aggFields | |
| alertOpt[#].aggClusterFields | array | Field list when aggregating intelligently, only takes effect if CLUSTER is specified in aggFields, optional values "df_title": title, "df_message": content | |
| alertOpt[#].alertTarget | Array[Dict] | Alert action | |
| alertOpt[#].alertType | string | Alert strategy notification type, level(status)/member(member), default is level, added in iteration on 2024-11-06 | |
| alertOpt[#].aggType | string | Default does not pass old version logic, byFields: rule aggregation, byCluster: intelligent aggregation, byAI: AI aggregation, added field in iteration on 2024-12-25 | |
| openPermissionSet | boolean | Whether to enable custom permission configuration, default false, added in iteration on 2024-11-06 | |
| permissionSet | array | Operation permission configuration , added in iteration on 2024-11-06 | |
| checkerUUIDs | array | Associated monitors/intelligent monitors/intelligent inspections/slo UUID , added in iteration on 2024-12-11 | |
| securityRuleUUIDs | array | Associated security monitoring(cspm, siem) UUID , added in iteration on 2025-05-14 |
1.1 alertOpt.aggType Parameter Explanation
2024-12-25
Alert aggregation type
null: no aggregation
"byFields": rule aggregation
"byCluster": intelligent aggregation
"byAI": AI aggregation
Since there was no aggType field in the old data structure, and the aggregation type was determined by the contents of aggFields, after adding the aggType field, compatibility will be handled as follows:
Aggregate according to the aggregation method specified by aggType if aggType is specified
Aggregate according to the old logic if aggType is not specified or aggType=None
Aggregate according to intelligent aggregation if "CLUSTER" is included in aggFields
Aggregate according to rule aggregation if "CLUSTER" is not included in aggFields
Derived rules:
Specify aggInterval=0 or aggInterval=null still indicates "no aggregation"
Specify aggType="byCluster" where aggFields can omit "CLUSTER" (whether passing it does not affect)
Specify aggType="byFields", but aggFields also include "CLUSTER", ignore "CLUSTER" (i.e., higher priority for aggType)
2. When the alert strategy is of type level, alertOpt.alertTarget Parameter Explanation
| key | Type | Required | Description |
|---|---|---|---|
| name | string | Configuration name | |
| targets | Array[dict] | Required | Notification object configuration (note the position of this field when the alert strategy is of type level/member) |
| crontab | String | Select repeat time period, start Crontab (Crontab syntax) | |
| crontabDuration | integer | Select repeat time, duration from Crontab start (seconds) | |
| customDateUUIDs | Array[String] | Select custom time, UUID list of custom notification dates, example: ['ndate_xxxx32', 'ndate_xxxx32'], reference custom notification date (Monitoring - Alert Strategy - Custom Notification Date, interface) | |
| customStartTime | String | Select custom time, daily start time, format: HH ss |
|
| customDuration | integer | Select custom time period, duration from customStartTime custom start time (seconds) |
3. When the alert strategy is of type member, alertOpt.alertTarget Parameter Explanation
| key | Type | Required | Description |
|---|---|---|---|
| name | string | Configuration name | |
| crontab | String | Select repeat time period, start Crontab (Crontab syntax) | |
| crontabDuration | integer | Select repeat time, duration from Crontab start (seconds) | |
| customDateUUIDs | Array[String] | Select custom time, UUID list of custom notification dates, example: ['ndate_xxxx32', 'ndate_xxxx32'], reference custom notification date (Monitoring - Alert Strategy - Custom Notification Date, interface) | |
| customStartTime | String | Select custom time, daily start time, format: HHss |
|
| customDuration | integer | Select custom time period, duration from customStartTime custom start time (seconds) | |
| alertInfo | Array[dict] | Required | Notification related information configuration for member-type alert strategies added in iteration on 2024-11-27 |
4. When the alert strategy is of type member, alertOpt.alertTarget.alertInfo Parameter Explanation
| key | Type | Required | Description |
|---|---|---|---|
| name | string | Configuration name | |
| targets | Array[dict] | Required | Notification object configuration (note the position of this field when the alert strategy is of type level/member) |
| filterString | string | When alertType is member, use this field, filter condition raw string, added in iteration on 2024-11-27 | |
| memberInfo | array | When alertType is member, use this field (team UUID, member UUID), example: [group_xxxx,acnt_xxxx], added in iteration on 2024-11-27 |
5. Time Configuration Related Explanations
If select repeated time period, crontab, crontabDuration fields are required parameters
If select custom time period, customDateUUIDs, customDuration, customStartTime fields are required parameters
If select other moments, crontab, crontabDuration, customDateUUIDs, customStartTime, customDuration are not required
Note: Each alert strategy will have a fallback notification rule with no time configuration
6. Notification Object Field targets Explanation
When alertType is status, targets location alertOpt.alertTarget.targets
When alertType is member, targets location alertOpt.alertTarget.alertInfo.targets
targets is a list, internal elements are dicts, internal field explanations as follows
| key | Type | Required | Description |
|---|---|---|---|
| to | Array[String] | Required | Notification object/member/team, example: [group_xxxx,acnt_xxxx,notify_xxxx]. (When alertType is member, only notification objects and fixed fields email, sms (saas version supports sms) can be selected, example: [email,notify_xxxx], added in iteration on 2024-11-06) |
| status | Enum | Required | Status value of events that need to send alerts (multiple statuses can be separated by commas, all means all). Non-security monitoring type status values: critical,error,warning,nodata,info. Security monitoring type status values: critical, high, medium, low, info (added enumeration values for security monitoring in iteration on 2025-05-14) |
| df_source | Enum | When status needs to be security monitoring status, df_source must be specified as security, default non-passing means non-security monitoring status (added in iteration on 2025-05-14) | |
| upgradeTargets | Array | Upgrade notifications for each alert configuration status | |
| tags | dict | Filter conditions | |
| filterString | dict | Raw string of filter conditions can replace tags, filterString has higher priority than tags, added in iteration on 2024-11-27 |
7. Notification Object Field upgradeTargets Explanation
When alertType is status, targets location alertOpt.alertTarget.targets.upgradeTargets
When alertType is member, targets location alertOpt.alertTarget.alertInfo.targets.upgradeTargets
upgradeTargets is a list, internal elements are dicts, internal field explanations as follows
| key | Type | Required | Description |
|---|---|---|---|
| to | Array[String] | Required | Notification object/member/team, example: [group_xxxx,acnt_xxxx,notify_xxxx]. (When alertType is member, only members and teams can be selected, added in iteration on 2024-11-06) |
| duration | integer | Duration, triggers upgrade notification when the event of this level status continuously occurs | |
| toWay | Array[String] | When alertType is of type member(member), used, only notification objects and fixed fields email, sms(saas version supports sms) can be selected, example: [email,notify_xxxx], added in iteration on 2024-11-06 |
8. Operation Permission Configuration Parameter Explanation
| Parameter Name | type | Description |
|---|---|---|
| openPermissionSet | boolean | Whether to enable custom permission configuration, default false |
| permissionSet | array | Operation permission configuration |
**permissionSet, openPermissionSet Field Explanation(Added in iteration on 2024-06-26): **
After enabling openPermissionSet configuration, only space owners and roles, teams, members configured in permissionSet can perform edit/enable/disable/delete operations
When openPermissionSet is disabled (default), delete/enable/disable/edit permissions follow the original interface edit/enable/disable/delete permissions
The permissionSet field can be configured with role UUIDs(wsAdmin,general, readOnly, role_xxxxx ), team UUID(group_yyyy), member UUID(acnt_xxx) permissionSet field example:
Request Example¶
curl 'https://openapi.guance.com/api/v1/alert_policy/add' \
-H 'DF-API-KEY: <DF-API-KEY>' \
-H 'Content-Type: application/json;charset=UTF-8' \
--data-raw '{"name":"jj_test","ruleTimezone":"Asia/Shanghai","alertOpt":{"alertTarget":[{"name":"Notification Configuration 1","targets":[{"status":"critical","tags":{"pod_name":["coredns-7769b554cf-w95fk"]},"to":["acnt_xxxx32"]}],"crontabDuration":600,"crontab":"0 9 * * 0,1,2,3,4"},{"name":"Notification Configuration 2","targets":[{"status":"error","to":["group_xxxx32"]}],"customDateUUIDs":["ndate_xxxx32"],"customStartTime":"09:30:10","customDuration":600},{"targets":[{"status":"warning","to":["notify_xxxx32"]}]}],"silentTimeout":21600,"aggInterval":120,"aggFields":["df_monitor_checker_id"]}}' \
--compressed
Response¶
{
"code": 200,
"content": {
"alertOpt": {
"aggFields": [
"df_monitor_checker_id"
],
"aggInterval": 120,
"alertTarget": [
{
"crontab": "0 9 * * 0,1,2,3,4",
"crontabDuration": 600,
"name": "Notification Configuration 1",
"targets": [
{
"status": "critical",
"tags": {
"pod_name": [
"coredns-7769b554cf-w95fk"
]
},
"to": [
"acnt_xxxx32"
]
}
]
},
{
"customDateUUIDs": [
"ndate_xxxx32"
],
"customDuration": 600,
"customStartTime": "09:30:10",
"name": "Notification Configuration 2",
"targets": [
{
"status": "error",
"to": [
"group_xxxx32"
]
}
]
},
{
"targets": [
{
"status": "warning",
"to": [
"notify_xxxx32"
]
}
]
}
],
"silentTimeout": 21600
},
"createAt": 1719373984,
"creator": "wsak_xxxx32",
"declaration": {
"asd": "aa,bb,cc,1,True",
"asdasd": "dawdawd",
"business": "aaa",
"fawf": "afawf",
"organization": "64fe7b4062f74d0007b46676"
},
"deleteAt": -1,
"id": null,
"name": "jj_test",
"ruleTimezone": "Asia/Shanghai",
"score": 0,
"status": 0,
"updateAt": 1719373984,
"updator": "wsak_xxxx32",
"uuid": "altpl_xxxx32",
"workspaceUUID": "wksp_xxxx32"
},
"errorCode": "",
"message": "",
"success": true,
"traceId": "TRACE-148B6846-6180-4594-BD26-8A2077F0E911"
}