Jump to

• Request
• Response

Update an Event Watcher Policy

put

/api/event/WatcherPolicies/{id}

Updates the event watcher policy that matches the specified ID.

Request

Path Parameters

• id(required): integer(int32)
  The event watcher policy ID.

Supported Media Types

• application/json

Request Body - application/json ()

Root Schema : schema

Type: object

Show Source

• ActionType: string
  Indicates which type of action to take when a threshold is crossed. - event => Meta Event - notification => Notification profile

  Example: event
• EmailAddresses: string
  Comma-separated list of notification recipients.

  Example:
• NotificationProfileID: integer
  ID of the notification profile.

  Example: 0
• NotificationTemplateID: integer
  ID of the notification template.

  Example: 0
• PolicyDescription: string
  Event Watcher Policy Description

  Example: For any Login Failures by Node in the last 15 mins If any login failures occur and the Sum of Count >= 3, create this event.
• PolicyEventID: integer
  The ID of the Meta Event that should be dispatched if the threshold condition is met for the filtered metrics

  Example: 3
• PolicyFilter: string
  SQL used to select which events will be processed by this CAPE Policy's node(s)

  Example: (EventType = 'LoginLogout' AND Severity > 1 AND LastReported > (UNIX_TIMESTAMP() - 900))
• PolicyGrouping: string
  A SQL "GROUP BY" clause that allows the filtered metrics to be grouped. Valid format is empty or a comma-delimited list of one or more Event.Events field names

  Example: Node
• PolicyName: string
  Event Watcher Policy Name

  Example: Login Failure x3
• PolicyPollTime: integer
  How often, in seconds, should this policy be checked

  Example: 900
• PolicyStatusID: integer
  Event Watcher PolicyStatusID

  Example: 0
• PolicyThresholdField: string
  Field from Event.Events DB table to use in threshold calculation. Value must be a field in Events. The Threshold condition is formulated as 'if ($PolicyThresholdMetric($PolicyThresholdField) $PolicyThresholdOperatorID $PolicyThresholdValue)'

  Example: Count
• PolicyThresholdMetric: string
  SQL Function applied to $PolicyThresholdField and compared with the $PolicyThresholdOperatorID operator against $PolicyThresholdValue The Threshold condition is formulated as 'if ($PolicyThresholdMetric($PolicyThresholdField) $PolicyThresholdOperatorID $PolicyThresholdValue)' Allowed Values: - count - sum - max - min - avg

  Example: sum
• PolicyThresholdOperatorID: integer
  The OperatorID of the threshold calculation The Threshold condition is formulated as 'if ($PolicyThresholdMetric($PolicyThresholdField) $PolicyThresholdOperatorID $PolicyThresholdValue)' Allowed Values: - 0 => = - 1 => > - 2 => >= - 3 => < - 4 => <= 5 -> !=

  Example: 2
• PolicyThresholdValue: number
  The numeric value used in the threshold condition. The Threshold condition is formulated as 'if ($PolicyThresholdMetric($PolicyThresholdField) $PolicyThresholdOperatorID $PolicyThresholdValue)'

  Example: 3
• SearchType: string
  Indicates which type of search - field => Guided - sql => Manual SQL

  Example: sql

{
    "type":"object",
    "properties":{
        "PolicyName":{
            "$ref":"#/components/schemas/eventWatcherPoliciesRead/properties/PolicyName"
        },
        "PolicyStatusID":{
            "$ref":"#/components/schemas/eventWatcherPoliciesRead/properties/PolicyStatusID"
        },
        "PolicyPollTime":{
            "$ref":"#/components/schemas/eventWatcherPoliciesRead/properties/PolicyPollTime"
        },
        "PolicyDescription":{
            "$ref":"#/components/schemas/eventWatcherPoliciesRead/properties/PolicyDescription"
        },
        "PolicyGrouping":{
            "$ref":"#/components/schemas/eventWatcherPoliciesRead/properties/PolicyGrouping"
        },
        "PolicyFilter":{
            "$ref":"#/components/schemas/eventWatcherPoliciesRead/properties/PolicyFilter"
        },
        "PolicyThresholdMetric":{
            "$ref":"#/components/schemas/eventWatcherPoliciesRead/properties/PolicyThresholdMetric"
        },
        "PolicyThresholdField":{
            "$ref":"#/components/schemas/eventWatcherPoliciesRead/properties/PolicyThresholdField"
        },
        "PolicyThresholdOperatorID":{
            "$ref":"#/components/schemas/eventWatcherPoliciesRead/properties/PolicyThresholdOperatorID"
        },
        "PolicyThresholdValue":{
            "$ref":"#/components/schemas/eventWatcherPoliciesRead/properties/PolicyThresholdValue"
        },
        "PolicyEventID":{
            "$ref":"#/components/schemas/eventWatcherPoliciesRead/properties/PolicyEventID"
        },
        "NotificationTemplateID":{
            "$ref":"#/components/schemas/eventWatcherPoliciesRead/properties/NotificationTemplateID"
        },
        "NotificationProfileID":{
            "$ref":"#/components/schemas/eventWatcherPoliciesRead/properties/NotificationProfileID"
        },
        "ActionType":{
            "$ref":"#/components/schemas/eventWatcherPoliciesRead/properties/ActionType"
        },
        "SearchType":{
            "$ref":"#/components/schemas/eventWatcherPoliciesRead/properties/SearchType"
        },
        "EmailAddresses":{
            "$ref":"#/components/schemas/eventWatcherPoliciesRead/properties/EmailAddresses"
        }
    }
}

Back to Top

Response

Supported Media Types

• application/json

200 Response

Successful operation

Body ()

Root Schema : schema

Match All

Show Source

• object SuccessfulUpdateOperation
• object type

{
    "allOf":[
        {
            "$ref":"#/components/schemas/SuccessfulUpdateOperation"
        },
        {
            "type":"object",
            "properties":{
                "data":{
                    "description":"The properties of the updated event watcher policy.",
                    "type":"array",
                    "items":{
                        "$ref":"#/components/schemas/eventWatcherPoliciesRead"
                    }
                },
                "total":{
                    "description":"The total number of results regardless of paging.",
                    "type":"integer",
                    "example":"1"
                }
            }
        }
    ]
}

Nested Schema : SuccessfulUpdateOperation

Type: object

Show Source

• message: string
  The response message.

  Example: Updated record
• success: boolean
  Whether the operation was a success (true) or a failure (false).

  Example: true

{
    "properties":{
        "success":{
            "description":"Whether the operation was a success (<b>true</b>) or a failure (<b>false</b>).",
            "type":"boolean",
            "example":"true"
        },
        "message":{
            "description":"The response message.",
            "type":"string",
            "example":"Updated record"
        }
    },
    "type":"object"
}

Nested Schema : type

Type: object

Show Source

• data: array data
  The properties of the updated event watcher policy.
• total: integer
  The total number of results regardless of paging.

  Example: 1

{
    "type":"object",
    "properties":{
        "data":{
            "description":"The properties of the updated event watcher policy.",
            "type":"array",
            "items":{
                "$ref":"#/components/schemas/eventWatcherPoliciesRead"
            }
        },
        "total":{
            "description":"The total number of results regardless of paging.",
            "type":"integer",
            "example":"1"
        }
    }
}

Nested Schema : data

Type: array

The properties of the updated event watcher policy.

Show Source

• Array of: object eventWatcherPoliciesRead

{
    "description":"The properties of the updated event watcher policy.",
    "type":"array",
    "items":{
        "$ref":"#/components/schemas/eventWatcherPoliciesRead"
    }
}

Nested Schema : eventWatcherPoliciesRead

Type: object

Show Source

• ActionType: string
  Indicates which type of action to take when a threshold is crossed. - event => Meta Event - notification => Notification profile

  Example: event
• EmailAddresses: string
  Comma-separated list of notification recipients.

  Example:
• Filters: array Filters
  List of Filters with the Watcher
• NotificationProfileID: integer
  ID of the notification profile.

  Example: 0
• NotificationProfileName: string
  Notification Profile Name

  Example: oracle.doceng.json.BetterJsonNull@7053a864
• NotificationTemplateID: integer
  ID of the notification template.

  Example: 0
• NotificationTemplateName: string
  Notification Template Name

  Example: oracle.doceng.json.BetterJsonNull@85104d6
• PolicyAction: string
  Action associated with the Policy

  Example: Meta Event: Login Failure x3
• PolicyAuthor: string
  Policy Author

  Example: Administrator
• PolicyDescription: string
  Event Watcher Policy Description

  Example: For any Login Failures by Node in the last 15 mins If any login failures occur and the Sum of Count >= 3, create this event.
• PolicyEventID: integer
  The ID of the Meta Event that should be dispatched if the threshold condition is met for the filtered metrics

  Example: 3
• PolicyEventName: string
  The Name of the Meta Event that should be dispatched if the threshold condition is met for the filtered metrics

  Example: Login Failure x3
• PolicyFilter: string
  SQL used to select which events will be processed by this CAPE Policy's node(s)

  Example: (EventType = 'LoginLogout' AND Severity > 1 AND LastReported > (UNIX_TIMESTAMP() - 900))
• PolicyGrouping: string
  A SQL "GROUP BY" clause that allows the filtered metrics to be grouped. Valid format is empty or a comma-delimited list of one or more Event.Events field names

  Example: Node
• PolicyID: integer
  Policy ID specified for individual CRUD operations

  Example: 2
• PolicyName: string
  Event Watcher Policy Name

  Example: Login Failure x3
• PolicyPollTime: integer
  How often, in seconds, should this policy be checked

  Example: 900
• PolicyStatus: string
  Event Watcher Policy Status

  Example: Disabled
• PolicyStatusIcon: string
  Event Watcher Policy Status Icon

  Example: OrbRed.png
• PolicyStatusID: integer
  Event Watcher PolicyStatusID

  Example: 0
• PolicyThreshold: string
  Overall threshold operation

  Example: sum(Count) >= 3
• PolicyThresholdField: string
  Field from Event.Events DB table to use in threshold calculation. Value must be a field in Events. The Threshold condition is formulated as 'if ($PolicyThresholdMetric($PolicyThresholdField) $PolicyThresholdOperatorID $PolicyThresholdValue)'

  Example: Count
• PolicyThresholdMetric: string
  SQL Function applied to $PolicyThresholdField and compared with the $PolicyThresholdOperatorID operator against $PolicyThresholdValue The Threshold condition is formulated as 'if ($PolicyThresholdMetric($PolicyThresholdField) $PolicyThresholdOperatorID $PolicyThresholdValue)' Allowed Values: - count - sum - max - min - avg

  Example: sum
• PolicyThresholdOperatorID: integer
  The OperatorID of the threshold calculation The Threshold condition is formulated as 'if ($PolicyThresholdMetric($PolicyThresholdField) $PolicyThresholdOperatorID $PolicyThresholdValue)' Allowed Values: - 0 => = - 1 => > - 2 => >= - 3 => < - 4 => <= 5 -> !=

  Example: 2
• PolicyThresholdValue: number
  The numeric value used in the threshold condition. The Threshold condition is formulated as 'if ($PolicyThresholdMetric($PolicyThresholdField) $PolicyThresholdOperatorID $PolicyThresholdValue)'

  Example: 3
• SearchType: string
  Indicates which type of search - field => Guided - sql => Manual SQL

  Example: sql

{
    "type":"object",
    "properties":{
        "PolicyID":{
            "description":"Policy ID specified for individual CRUD operations",
            "type":"integer",
            "example":"2"
        },
        "PolicyStatusIcon":{
            "description":"Event Watcher Policy Status Icon",
            "type":"string",
            "example":"OrbRed.png"
        },
        "PolicyStatus":{
            "description":"Event Watcher Policy Status",
            "type":"string",
            "example":"Disabled"
        },
        "PolicyName":{
            "description":"Event Watcher Policy Name",
            "type":"string",
            "example":"Login Failure x3"
        },
        "PolicyPollTime":{
            "description":"How often, in seconds, should this policy be checked",
            "type":"integer",
            "example":"900"
        },
        "PolicyThresholdMetric":{
            "description":"SQL Function applied to $PolicyThresholdField and compared with the $PolicyThresholdOperatorID operator against $PolicyThresholdValue\n\nThe Threshold condition is formulated as 'if ($PolicyThresholdMetric($PolicyThresholdField) $PolicyThresholdOperatorID $PolicyThresholdValue)'\n\nAllowed Values:\n-  count\n-  sum\n-  max\n-  min\n-  avg",
            "type":"string",
            "example":"sum"
        },
        "PolicyThresholdField":{
            "description":"Field from Event.Events DB table to use in threshold calculation.  Value must be a field in Events.\n\nThe Threshold condition is formulated as 'if ($PolicyThresholdMetric($PolicyThresholdField) $PolicyThresholdOperatorID $PolicyThresholdValue)'",
            "type":"string",
            "example":"Count"
        },
        "PolicyThresholdOperatorID":{
            "description":"The OperatorID of the threshold calculation\n\nThe Threshold condition is formulated as 'if ($PolicyThresholdMetric($PolicyThresholdField) $PolicyThresholdOperatorID $PolicyThresholdValue)'\n\nAllowed Values:\n-  0 => =\n-  1 => >\n-  2 => >=\n-  3 => <\n-  4 => <=\n-  5 => !=",
            "type":"integer",
            "example":"2"
        },
        "PolicyThresholdValue":{
            "description":"The numeric value used in the threshold condition.\n\nThe Threshold condition is formulated as 'if ($PolicyThresholdMetric($PolicyThresholdField) $PolicyThresholdOperatorID $PolicyThresholdValue)'",
            "type":"number",
            "example":"3"
        },
        "PolicyAuthor":{
            "description":"Policy Author",
            "type":"string",
            "example":"Administrator"
        },
        "PolicyStatusID":{
            "description":"Event Watcher PolicyStatusID",
            "type":"integer",
            "example":"0"
        },
        "PolicyDescription":{
            "description":"Event Watcher Policy Description",
            "type":"string",
            "example":"For any Login Failures by Node in the last 15 mins\r\n\r\nIf any login failures occur and the Sum of Count >= 3, create this event."
        },
        "PolicyFilter":{
            "description":"SQL used to select which events will be processed by this CAPE Policy's node(s)",
            "type":"string",
            "example":"(EventType = 'LoginLogout' AND Severity > 1 AND LastReported > (UNIX_TIMESTAMP() - 900))"
        },
        "PolicyGrouping":{
            "description":"A SQL \"GROUP BY\" clause that allows the filtered metrics to be grouped.  Valid format is empty or a comma-delimited list of one or more Event.Events field names",
            "type":"string",
            "example":"Node"
        },
        "PolicyEventID":{
            "description":"The ID of the Meta Event that should be dispatched if the threshold condition is met for the filtered metrics",
            "type":"integer",
            "example":"3"
        },
        "PolicyEventName":{
            "description":"The Name of the Meta Event that should be dispatched if the threshold condition is met for the filtered metrics",
            "type":"string",
            "example":"Login Failure x3"
        },
        "NotificationProfileID":{
            "description":"ID of the notification profile.",
            "type":"integer",
            "example":"0"
        },
        "NotificationTemplateID":{
            "description":"ID of the notification template.",
            "type":"integer",
            "example":"0"
        },
        "EmailAddresses":{
            "description":"Comma-separated list of notification recipients.",
            "type":"string",
            "example":""
        },
        "NotificationProfileName":{
            "description":"Notification Profile Name",
            "type":"string",
            "example":null
        },
        "NotificationTemplateName":{
            "description":"Notification Template Name",
            "type":"string",
            "example":null
        },
        "ActionType":{
            "description":"Indicates which type of action to take when a threshold is crossed.\n\n- event        => Meta Event\n- notification => Notification profile",
            "type":"string",
            "example":"event"
        },
        "SearchType":{
            "description":"Indicates which type of search\n\n- field => Guided\n- sql   => Manual SQL",
            "type":"string",
            "example":"sql"
        },
        "PolicyAction":{
            "description":"Action associated with the Policy",
            "type":"string",
            "example":"Meta Event: Login Failure x3"
        },
        "Filters":{
            "description":"List of Filters with the Watcher",
            "type":"array",
            "items":{
                "type":"object",
                "properties":{
                    "FieldName":{
                        "example":"Ack"
                    },
                    "Expression":{
                        "example":"0"
                    },
                    "FieldValue":{
                        "example":""
                    }
                }
            },
            "example":[
                {
                    "FieldName":"Ack",
                    "Expression":"0",
                    "FieldValue":""
                },
                {
                    "FieldName":"Action",
                    "Expression":"0",
                    "FieldValue":""
                },
                {
                    "FieldName":"Actor",
                    "Expression":"0",
                    "FieldValue":""
                }
            ]
        },
        "PolicyThreshold":{
            "description":"Overall threshold operation",
            "type":"string",
            "example":"sum(Count) >= 3"
        }
    }
}

Nested Schema : Filters

Type: array

List of Filters with the Watcher

Show Source

• Array of: object items

{
    "description":"List of Filters with the Watcher",
    "type":"array",
    "items":{
        "type":"object",
        "properties":{
            "FieldName":{
                "example":"Ack"
            },
            "Expression":{
                "example":"0"
            },
            "FieldValue":{
                "example":""
            }
        }
    },
    "example":[
        {
            "FieldName":"Ack",
            "Expression":"0",
            "FieldValue":""
        },
        {
            "FieldName":"Action",
            "Expression":"0",
            "FieldValue":""
        },
        {
            "FieldName":"Actor",
            "Expression":"0",
            "FieldValue":""
        }
    ]
}

Example:

[
    {
        "FieldName":"Ack",
        "Expression":"0",
        "FieldValue":""
    },
    {
        "FieldName":"Action",
        "Expression":"0",
        "FieldValue":""
    },
    {
        "FieldName":"Actor",
        "Expression":"0",
        "FieldValue":""
    }
]

Nested Schema : items

Type: object

Show Source

• Expression:
  Example: 0
• FieldName:
  Example: Ack
• FieldValue:
  Example:

{
    "type":"object",
    "properties":{
        "FieldName":{
            "example":"Ack"
        },
        "Expression":{
            "example":"0"
        },
        "FieldValue":{
            "example":""
        }
    }
}

Default Response

Failed operation

Body ()

Root Schema : schema

Type: object

Show Source

• errors: array errors
  The list of errors reported. Validation errors will be keyed by record field.
• message: string
  The response message.

  Example: Exception thrown
• success: boolean
  Whether the operation was a success (true) or a failure (false).

  Example: false

{
    "properties":{
        "success":{
            "description":"Whether the operation was a success (<b>true</b>) or a failure (<b>false</b>).",
            "type":"boolean",
            "example":"false"
        },
        "message":{
            "description":"The response message.",
            "type":"string",
            "example":"Exception thrown"
        },
        "errors":{
            "description":"The list of errors reported. Validation errors will be keyed by record field.",
            "type":"array",
            "items":{
                "type":"object"
            }
        }
    },
    "type":"object"
}

Nested Schema : errors

Type: array

The list of errors reported. Validation errors will be keyed by record field.

Show Source

• Array of: object items

{
    "description":"The list of errors reported. Validation errors will be keyed by record field.",
    "type":"array",
    "items":{
        "type":"object"
    }
}

Nested Schema : items

Type: object

Back to Top