安全云脑 SECMASTER-更新告警规则:Python

时间:2023-12-06 18:52:42

Python

更新一条告警规则,告警规则名称为Alert rule,查询类型为SQL,状态为启用,严重程度为提示。

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
# coding: utf-8

from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdksecmaster.v2.region.secmaster_region import SecMasterRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdksecmaster.v2 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.getenv("CLOUD_SDK_AK")
    sk = os.getenv("CLOUD_SDK_SK")

    credentials = BasicCredentials(ak, sk) \

    client = SecMasterClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(SecMasterRegion.value_of("cn-north-4")) \
        .build()

    try:
        request = UpdateAlertRuleRequest()
        listTriggersbody = [
            AlertRuleTrigger(
                mode="COUNT",
                operator="GT",
                expression="10",
                severity="TIPS"
            )
        ]
        schedulebody = Schedule(
            frequency_interval=5,
            frequency_unit="MINUTE",
            period_interval=5,
            period_unit="MINUTE",
            delay_interval=2,
            overtime_interval=10
        )
        listCustomPropertiesbody = {
            "references": "https://localhost/references",
            "maintainer": "isap"
        }
        request.body = UpdateAlertRuleRequestBody(
            triggers=listTriggersbody,
            schedule=schedulebody,
            event_grouping=True,
            custom_properties=listCustomPropertiesbody,
            severity="TIPS",
            status="ENABLED",
            query_type="SQL",
            query="* | select status, count(*) as count group by status",
            rule_name="Alert rule"
        )
        response = client.update_alert_rule(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
support.huaweicloud.com/api-secmaster/UpdateAlertRule.html