Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
06-22-2022 03:22 PM - last edited on 07-07-2022 08:38 AM by RPrasadi
- Api call add alert rule:
I want to create alert rules via API for the CSPM. Are there any examples for this? It's not clear to me how to populate:
alertRuleNotificationConfig
https://prisma.pan.dev/api/cloud/cspm/alert-rules#operation/add-alert-rule
POST https://{{api-endpoint}}/v2/alert/rule >> 405
Can we post events on this API endpoint?
- API call retrieving alert rule by ID:
GET https://{{api-endpoint}}/v1/alert/{{ruleid}} >> 404
The {id} which I retrieve with this API call:
https://prisma.pan.dev/api/cloud/cspm/alert-rules#operation/get-alert-rules-v2
Can any one verify that their api call are valid?
07-28-2022 01:43 AM
Please follow Instructions on how to setup the Postman Collections and Environments relating to Prisma Cloud (including Compute Console) API requests.
[1] https://github.com/PaloAltoNetworks/pcs-postman
This is an easy way to use create alert rules via API for the CSPM.
09-13-2022 10:21 AM
Greeting,
I highly recommend you review the following doc before Prisma Cloud API.
1- Access the Prisma Cloud REST API
2- Generate JWT Token in Prisma Cloud
3- Stack API based on STACKs
I have added the sample Payload for your convenience.
{
"alertRuleNotificationConfig": [
{
"detailedReport": false,
"enabled": false,
"includeRemediation": false,
"recipients": [
"user@email.com"
],
"type": "email",
"withCompression": false,
"frequency": "as_it_happens"
}
],
"allowAutoRemediate": false,
"delayNotificationMs": 0,
"description": "",
"enabled": true,
"name": "Test12",
"policies": [
"5cc78081-1006-4874-8b13-bd01583888c4"
],
"policyLabels": [],
"scanAll": false,
"target": {
"accountGroups": [
"41ec1962-2f54-49e7-b07e-d7ae1cacfd3d"
],
"excludedAccounts": [],
"regions": [],
"targetResourceList": {
"action": "AUTO_DISMISS",
"additionalNotes": "",
"approver": "",
"enabled": false,
"ids": [],
"reason": "",
"requestor": ""
},
"tags": []
},
"notifyOnDismissed": true,
"notifyOnOpen": true,
"notifyOnResolved": true,
"notifyOnSnoozed": true
}
POST https://{{api-endpoint}}/v2/alert/rule >> 405
Can we post events on this API endpoint?
No, we can't post to the above endpoint as API endpoint is missing.
Prisma Cloud API call is mainly based on the STACK for instance if I am on STACK APP2 the link would be https://api2.prismacloud.io/v2/alert/rule
or If I am using APP.EU the API call link would be https://api.eu.prismacloud.io/v2/alert/rule
API call retrieving alert rule by ID:
GET https://{{api-endpoint}}/v1/alert/{{ruleid}}
To run the following API call, firstly run the API call to get Alert ID.
My tenant is on APP3 so the API call would be https://api3.prismacloud.io/v2/alert/rule
Then use the following API call.
https://api3.prismacloud.io/v1/alert/{{ruleid}}
I hope this info will help.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
