Get CAPE Policies

get

/api/event/Policies

Gets the CAPE policies that match the specified parameters. If no parameters are specified, all CAPE policies are returned.

Request

Query Parameters
  • The fields to filter the results by. You cannot filter by fields that contain a state.
    This parameter's value uses the following JSON format:
    {
    "property": "property",
    "value": "propertyValue",
    "operator": "operator",
    "conjunction": "conjunction"
    }

    If you use multiple JSON objects to combine filters, for example, to filter by several different device names, you cannot combine OR and AND conjunctions. The conjunction used for the last object applies to the entire list.
    • Default Value: OR
      Allowed Values: [ "AND", "OR" ]
      The conjunction between filters.
      Example: AND
    • Default Value: LIKE
      Allowed Values: [ "eq", "ne", "gte", "gt", "lte", "lt", "LIKE", "NOT LIKE", "re", "not re", "NOT IN" ]
      The filter operation to use.
      Example: eq
    • The name of the field to filter on.
      Example: name
    • The value of the field to filter on.
      Example: test
  • The number of records to limit results by.
    Example:
    100
  • The field and direction to sort results by. You cannot sort by fields that contain a state.
    This parameters value uses the following JSON format:
    {
    "property": "property",
    "direction": "direction"
    }
  • The page of results to start from.
    Default Value: 0
    Example:
    1

There's no request body for this operation.

Back to Top

Response

Supported Media Types

200 Response

Successful operation
Body ()
Root Schema : schema
Match All
Show Source
Nested Schema : SuccessfulGetOperation
Type: object
Show Source
Nested Schema : type
Type: object
Show Source
Nested Schema : data
Type: array
The list of CAPE policies that match the specified parameters.
Show Source
Nested Schema : eventPoliciesRead
Type: object
Show Source
  • CAPE Policy Description
    Example: Analytics has found an event that has never happened before or through heuristics has been found as not noise but important. The goal is to increase the severity of the originating event.
  • Profile ID specified for individual CRUD operations
    Example: 1
  • CAPE Policy Name
    Example: AbnormalActivity
  • The ID of the first node called to process this policy's matching events.
    Example: 1
  • Name of the first node called.
    Example: EscalateByAnomaly
  • Name of the first node called.
    Example: EscalateByAnomaly
  • Interval, in seconds, this policy should run (30 seconds recommended minimum)
    Example: 30
  • Flag to indicate whether events will be processed by each node in a batch, or individually Allowed Values: - 0 => Process Events Individually - 1 => Process Events Together
    Example: 0
  • SQL used to select which events will be processed by this CAPE Policy's node(s)
    Example: SELECT * FROM Events WHERE Severity > 1 AND EventType LIKE 'AbnormalActivity-%'
  • Status for the Policy. Status will be Enabled or Disabled.
    Example: Enabled
  • CAPE Policy Status Icon. The icon will be "OrbRed.png" or "OrbGreen.png"
    Example: OrbGreen.png
  • State ID of the policy. It will be 0 or 1.
    Example: 1
  • The device zone ID associated with the policy. 0 is used for "all zones".
    Example: 0
  • The device zone name associated with the policy. It will be null if the zone ID is 0.
    Example: oracle.doceng.json.BetterJsonNull@52a8f789
  • The device zone name associated with the policy. It will be "[All]" if the zone ID is 0.
    Example: [All]

Default Response

Failed operation
Body ()
Root Schema : schema
Type: object
Show Source
Nested Schema : errors
Type: array
The list of errors reported. Validation errors will be keyed by record field.
Show Source
Nested Schema : items
Type: object
Back to Top