Manage Alert Correlation
Update, gets and deletes an alert correlation policy of tenant by poliyId.
Path Parameters
- tenantId
Describes the clientId or mspId of the tenant
- policyId
Policy unique identifier
Responses
- id
- name
- enabled
- precedence
- filterCriteria
- type
- dependencyCorrelation
- createdBy
- updatedBy
- createdTime
- updatedTime
- algorithmCorrelation
- machineLearning
- clientsIncluded
- includedClients
Path Parameters
- tenantId
Describes the clientId or mspId of the tenant
- policyId
Policy unique identifier
Request Body
application/json
- name
The name of the alert correlation policy.
- filterCriteria
Filter for resources whose alerts will match this policy.
- type
The alert correlation policy type.
- Enum:
- DEPENDENCYALGORITHMCO_OCCURRENCE
- dependencyCorrelation
Correlate alerts on upstream and downstream resources.
- algorithmCorrelation
Correlate alerts that share similar alert properties.
- organizationMatchingType
- includedClients
- enabledMode
To enable an alert correlation policy, set "enabledMode": "ON". To disable an alert correlation policy, set "enabledMode: "OFF". To enable an alert correlation policy to observe, set "enabledMode": "OBSERVED".
- Enum:
- ONOFFOBSERVED
- precedence
Determine the execution order of a policy. For example, if VMware is specified as part of the agent status policy and network outage policy, the user can determine which policy should execute first to correlate VMware alerts.
Responses
- id
- name
- enabled
- precedence
- filterCriteria
- type
- algorithmCorrelation
- createdBy
- createdTime
- updatedTime
Path Parameters
- tenantId
Describes the clientId or mspId of the tenant
- policyId
Policy unique identifier