:py:mod:`laceworksdk.api.v2.alert_rules`
========================================

.. py:module:: laceworksdk.api.v2.alert_rules

.. autoapi-nested-parse::

   Lacework AlertRules API wrapper.


Module Contents
---------------

Classes
~~~~~~~

.. autoapisummary::

   laceworksdk.api.v2.alert_rules.AlertRulesAPI


.. py:class:: AlertRulesAPI(session)

   Bases: :py:obj:`laceworksdk.api.crud_endpoint.CrudEndpoint`

   A class used to represent the Alert Rules API endpoint.

   Lacework combines alert channels and alert rules to provide a flexible
   method for routing alerts. For alert channels, you define information about
   where to send alerts, such as to Jira, Slack, or email. For alert rules, you
   define information about which alert types to send, such as critical and
   high severity compliance alerts.

   .. py:property:: session

      Get the :class:`HttpSession` instance the object is using.

   .. py:method:: create(type, filters, intg_guid_list, **request_params)

      A method to create new Alert Rules.

      :param type: The type of the alert rule. Valid values are: "Event"
      :type type: str
      :param filters: The alert rule definition. See the API docs for valid
                      values.
      :type filters: dict
      :param intg_guid_list: A list of GUIDs representing the alert channels
                             to use.
      :type intg_guid_list: list of str
      :param request_params: Use to pass any additional parameters to the API.
      :type request_params: dict, optional

      :returns: The new rule.
      :rtype: dict

   .. py:method:: get(guid=None)

      A method to get AlertRules objects.

      :param guid: The alert rule GUID to retrieve.
      :type guid: str

      :returns: The alert rule(s)
      :rtype: dict

   .. py:method:: get_by_guid(guid)

      A method to get an AlertRules object by GUID.

      :param guid: The alert rule GUID.
      :type guid: str

      :returns: The alert rule
      :rtype: dict

   .. py:method:: update(guid, filters=None, intg_guid_list=None, **request_params)

      A method to update an AlertRules object.

      :param guid: The Alert Rule GUID you wish to update.
      :type guid: str
      :param filters: The alert rule definition. See the API docs for valid
                      values.
      :type filters: dict, optional
      :param intg_guid_list: A list of GUIDs representing the alert channels
                             to use.
      :type intg_guid_list: list of str, optional
      :param request_params: Use to pass any additional parameters to the API.
      :type request_params: dict, optional

      :returns: The updated alert rule
      :rtype: dict

   .. py:method:: delete(guid)

      A method to delete an AlertRules object.

      :param guid: The alert rule GUID.
      :type guid: str

      :returns: A Requests response object containing the response code
      :rtype: requests.models.Response

   .. py:method:: search(json=None)

      A method to search objects.

      See the API documentation for this API endpoint for valid fields to
      search against.

      NOTE: While the "value" and "values" fields are marked as "optional", you
      must use one of them, depending on the operation you are using.

      :param json: The desired search parameters:

                   - timeFilter (dict, optional): A dict containing the time
                     frame for the search:

                     - startTime (str): The start time for the search
                     - endTime (str): The end time for the search

                   - filters (list of dict, optional): Filters based on field
                     contents:

                     - field (str): The name of the data field to which the
                       condition applies
                     - expression (str): The comparison operator for the
                       filter condition. Valid values are: "eq", "ne", "in",
                       "not_in", "like", "ilike", "not_like", "not_ilike",
                       "not_rlike", "rlike", "gt", "ge", "lt", "le", "between"
                     - value (str, optional): The value that the condition
                       checks for in the specified field. Use this attribute
                       when using an operator that requires a single value.
                     - values (list of str, optional): The values that the
                       condition checks for in the specified field. Use this
                       attribute when using an operator that requires
                       multiple values.

                   - returns (list of str, optional): The fields to return
      :type json: dict

      :returns: A dict containing the search results
      :rtype: dict