REST API for Advanced Alerts
Using the correlation APIs, you can retrieve and acknowledge alerts. Real-time instances generate alerts; replay instances do not.
You can perform the following operations on alerts using the REST API:
- Retrieve and view alerts:
  `GET https://<host>:9682/api/v1/instance/<instanceID>/alerts?alertNameFilter=LoginFailureAttempt`
- Retrieve alert details:
  `GET https://<host>:9682/api/v1/instance/<instanceID>/alert/<alertID>`
- Acknowledge alerts:
  `POST https://<host>:9682/api/v1/alerts`
List of REST API services
| Resource API | Description |
|---|---|
| GET instance/{id}/alerts | Get a list of alerts from an instance. |
| POST alerts | Acknowledge alerts. |
| GET instance/{id}/alert/{alertID} | Get the detailed summary of an alert. |
| GET instances/alert/severities | Get a list of alert severities. |
| GET instances/alert/categories | Get a list of alert categories. |
| POST instances/alert/fields | Get a list of alert fields for the rule and source environment. The available fields vary depending on the rule and source environment. |
| GET instance/{id}/alert/{alertID}/group/{groupName}/eventKeys | Get a list of event references and sources. This is supported only for real-time instances. |