Jump to

• Request
• Response

Create a CAPE Policy

post

/api/event/Policies

Creates a new CAPE policy.
The minimum required properties in the request body are:

• PolicyName
• PolicyZoneID
• PolicyProcessType
• PolicyPollTime
• PolicyNodeID
• PolicyStatusID

Request

There are no request parameters for this operation.

Supported Media Types

• application/json

Request Body - application/json ()

Root Schema : schema

Type: object

Show Source

• PolicyDescription: string
  CAPE Policy Description

  Example: Analytics has found an event that has never happened before or through heuristics has been found as not noise but important. The goal is to increase the severity of the originating event.
• PolicyName: string
  The CAPE policy name.
  To avoid confusion with numeric IDs, the name value cannot be integers only or integers prefixed with the + or - symbols only. It must contain letters or other characters. For example, 1234, +1234, and -1234 are not valid, but US1234, US+1234 and US_1234 are.

  Example: Abnormal Activity
• PolicyNodeID: integer
  The ID of the first node called to process this policy's matching events.

  Example: 1
• PolicyPollTime: integer
  Interval, in seconds, this policy should run (30 seconds recommended minimum)

  Example: 30
• PolicyProcessType: string
  Flag to indicate whether events will be processed by each node in a batch, or individually Allowed Values: - 0 => Process Events Individually - 1 => Process Events Together

  Example: 0
• PolicySelectSQL: string
  SQL used to select which events will be processed by this CAPE Policy's node(s)

  Example: SELECT * FROM Events WHERE Severity > 1 AND EventType LIKE 'AbnormalActivity-%'
• PolicyStatusID: integer
  The policy status ID. Either 0 (disabled) or 1 (enabled).

  Example: 1
• PolicyZoneID: integer
  The device zone ID associated with the policy. 0 is used for "all zones".

  Example: 0

{
    "type":"object",
    "properties":{
        "PolicyName":{
            "description":"The CAPE policy name.\n<br>To avoid confusion with numeric IDs, the name value cannot be integers only or integers prefixed with the + or - symbols only. It must contain letters or other characters. For example, <b>1234</b>, <b>+1234</b>, and <b>-1234</b> are not valid, but <b>US1234</b>, <b>US+1234</b> and <b>US_1234</b> are.",
            "type":"string",
            "example":"Abnormal Activity"
        },
        "PolicyDescription":{
            "$ref":"#/components/schemas/eventPoliciesRead/properties/PolicyDescription"
        },
        "PolicyNodeID":{
            "$ref":"#/components/schemas/eventPoliciesRead/properties/PolicyNodeID"
        },
        "PolicyPollTime":{
            "$ref":"#/components/schemas/eventPoliciesRead/properties/PolicyPollTime"
        },
        "PolicyProcessType":{
            "$ref":"#/components/schemas/eventPoliciesRead/properties/PolicyProcessType"
        },
        "PolicySelectSQL":{
            "$ref":"#/components/schemas/eventPoliciesRead/properties/PolicySelectSQL"
        },
        "PolicyStatusID":{
            "$ref":"#/components/schemas/eventPoliciesRead/properties/PolicyStatusID"
        },
        "PolicyZoneID":{
            "$ref":"#/components/schemas/eventPoliciesRead/properties/PolicyZoneID"
        }
    }
}

Back to Top

Response

Supported Media Types

• application/json

200 Response

Successful operation

Body ()

Root Schema : schema

Match All

Show Source

• object SuccessfulAddOperation
  The response body for a successful add operation.
• object type

{
    "allOf":[
        {
            "$ref":"#/components/schemas/SuccessfulAddOperation"
        },
        {
            "type":"object",
            "properties":{
                "data":{
                    "description":"The properties of the new CAPE policy.",
                    "type":"array",
                    "items":{
                        "$ref":"#/components/schemas/eventPoliciesRead"
                    }
                },
                "total":{
                    "description":"The total number of results regardless of paging.",
                    "type":"integer",
                    "example":"1"
                }
            }
        }
    ]
}

Nested Schema : SuccessfulAddOperation

Type: object

The response body for a successful add operation.

Show Source

• message: string
  The response message.

  Example: Added record
• success: boolean
  Whether the operation was a success (true) or a failure (false).

  Example: true

{
    "description":"The response body for a successful add operation.",
    "properties":{
        "success":{
            "description":"Whether the operation was a success (<b>true</b>) or a failure (<b>false</b>).",
            "type":"boolean",
            "example":"true"
        },
        "message":{
            "description":"The response message.",
            "type":"string",
            "example":"Added record"
        }
    },
    "type":"object"
}

Nested Schema : type

Type: object

Show Source

• data: array data
  The properties of the new CAPE policy.
• total: integer
  The total number of results regardless of paging.

  Example: 1

{
    "type":"object",
    "properties":{
        "data":{
            "description":"The properties of the new CAPE policy.",
            "type":"array",
            "items":{
                "$ref":"#/components/schemas/eventPoliciesRead"
            }
        },
        "total":{
            "description":"The total number of results regardless of paging.",
            "type":"integer",
            "example":"1"
        }
    }
}

Nested Schema : data

Type: array

The properties of the new CAPE policy.

Show Source

• Array of: object eventPoliciesRead

{
    "description":"The properties of the new CAPE policy.",
    "type":"array",
    "items":{
        "$ref":"#/components/schemas/eventPoliciesRead"
    }
}

Nested Schema : eventPoliciesRead

Type: object

Show Source

• PolicyDescription: string
  CAPE Policy Description

  Example: Analytics has found an event that has never happened before or through heuristics has been found as not noise but important. The goal is to increase the severity of the originating event.
• PolicyID: integer
  Profile ID specified for individual CRUD operations

  Example: 1
• PolicyName: string
  CAPE Policy Name

  Example: AbnormalActivity
• PolicyNodeID: integer
  The ID of the first node called to process this policy's matching events.

  Example: 1
• PolicyNodeName: string
  Name of the first node called.

  Example: EscalateByAnomaly
• PolicyNodeNameDisplay: string
  Name of the first node called.

  Example: EscalateByAnomaly
• PolicyPollTime: integer
  Interval, in seconds, this policy should run (30 seconds recommended minimum)

  Example: 30
• PolicyProcessType: string
  Flag to indicate whether events will be processed by each node in a batch, or individually Allowed Values: - 0 => Process Events Individually - 1 => Process Events Together

  Example: 0
• PolicySelectSQL: string
  SQL used to select which events will be processed by this CAPE Policy's node(s)

  Example: SELECT * FROM Events WHERE Severity > 1 AND EventType LIKE 'AbnormalActivity-%'
• PolicyStatus: string
  Status for the Policy. Status will be Enabled or Disabled.

  Example: Enabled
• PolicyStatusIcon: string
  CAPE Policy Status Icon. The icon will be "OrbRed.png" or "OrbGreen.png"

  Example: OrbGreen.png
• PolicyStatusID: integer
  The policy status ID. Either 0 (disabled) or 1 (enabled).

  Example: 1
• PolicyZoneID: integer
  The device zone ID associated with the policy. 0 is used for "all zones".

  Example: 0
• PolicyZoneName: string
  The device zone name associated with the policy. It will be null if the zone ID is 0.

  Example: oracle.doceng.json.BetterJsonNull@5b977aaa
• PolicyZoneNameDisplay: string
  The device zone name associated with the policy. It will be "[All]" if the zone ID is 0.

  Example: [All]

{
    "type":"object",
    "properties":{
        "PolicyID":{
            "description":"Profile ID specified for individual CRUD operations",
            "type":"integer",
            "example":"1"
        },
        "PolicyStatusIcon":{
            "description":"CAPE Policy Status Icon. The icon will be \"OrbRed.png\" or \"OrbGreen.png\"",
            "type":"string",
            "example":"OrbGreen.png"
        },
        "PolicyStatus":{
            "description":"Status for the Policy. Status will be Enabled or Disabled.",
            "type":"string",
            "example":"Enabled"
        },
        "PolicyName":{
            "description":"CAPE Policy Name",
            "type":"string",
            "example":"AbnormalActivity"
        },
        "PolicyStatusID":{
            "description":"The policy status ID. Either <b>0</b> (disabled) or <b>1</b> (enabled).",
            "type":"integer",
            "example":"1"
        },
        "PolicyDescription":{
            "description":"CAPE Policy Description",
            "type":"string",
            "example":"Analytics has found an event that has never happened before or through heuristics has been found as not noise but important. The goal is to increase the severity of the originating event."
        },
        "PolicySelectSQL":{
            "description":"SQL used to select which events will be processed by this CAPE Policy's node(s)",
            "type":"string",
            "example":"SELECT *\n  FROM Events\n WHERE Severity     > 1\n   AND EventType LIKE 'AbnormalActivity-%'\n"
        },
        "PolicyProcessType":{
            "description":"Flag to indicate whether events will be processed by each node in a batch, or individually\n\nAllowed Values:\n  -  0 => Process Events Individually\n  -  1 => Process Events Together",
            "type":"string",
            "example":"0"
        },
        "PolicyPollTime":{
            "description":"Interval, in seconds, this policy should run (30 seconds recommended minimum)",
            "type":"integer",
            "example":"30"
        },
        "PolicyNodeID":{
            "description":"The ID of the first node called to process this policy's matching events.",
            "type":"integer",
            "example":"1"
        },
        "PolicyNodeName":{
            "description":"Name of the first node called.",
            "type":"string",
            "example":"EscalateByAnomaly"
        },
        "PolicyNodeNameDisplay":{
            "description":"Name of the first node called.",
            "type":"string",
            "example":"EscalateByAnomaly"
        },
        "PolicyZoneID":{
            "description":"The device zone ID associated with the policy. 0 is used for \"all zones\".",
            "type":"integer",
            "example":"0"
        },
        "PolicyZoneName":{
            "description":"The device zone name associated with the policy. It will be null if the zone ID is 0.",
            "type":"string",
            "example":null
        },
        "PolicyZoneNameDisplay":{
            "description":"The device zone name associated with the policy. It will be \"[All]\" if the zone ID is 0.",
            "type":"string",
            "example":"[All]"
        }
    }
}

Default Response

Failed operation

Body ()

Root Schema : schema

Type: object

Show Source

• errors: array errors
  The list of errors reported. Validation errors will be keyed by record field.
• message: string
  The response message.

  Example: Exception thrown
• success: boolean
  Whether the operation was a success (true) or a failure (false).

  Example: false

{
    "properties":{
        "success":{
            "description":"Whether the operation was a success (<b>true</b>) or a failure (<b>false</b>).",
            "type":"boolean",
            "example":"false"
        },
        "message":{
            "description":"The response message.",
            "type":"string",
            "example":"Exception thrown"
        },
        "errors":{
            "description":"The list of errors reported. Validation errors will be keyed by record field.",
            "type":"array",
            "items":{
                "description":"An error.",
                "type":"object"
            }
        }
    },
    "type":"object"
}

Nested Schema : errors

Type: array

The list of errors reported. Validation errors will be keyed by record field.

Show Source

• Array of: object items
  An error.

{
    "description":"The list of errors reported. Validation errors will be keyed by record field.",
    "type":"array",
    "items":{
        "description":"An error.",
        "type":"object"
    }
}

Nested Schema : items

Type: object

An error.

Back to Top