Alert Rules

Overview

This document describes the API to define alert rules for auto-scaling and monitoring the health of the BIG-IP devices.

REST Endpoint: /mgmt/cm/shared/policymgmt/alert-rules

Requests

GET /mgmt/cm/shared/policymgmt/alert-rules/<name>

Request Parameters

None

Query Parameters

None

Response

HTTP/1.1 200 OK

Name Type Description
name string A unique ID for this alert rule.
description string Description of the alert rule.
alertTypeId string This field uniquely identifies the type of alert.
isDefault boolean Is this a default alert rule?
producerType string Type of agent generating this alert. Possible values: device or application.
alertType string Indicates whether this is a state-full or a stateless alert. The value ‘active’ indicates an alert with a state.
alertContext string Categorizes the context of the alert.
includeInternalAlerts boolean True indicates a separate alert generated for each contained metric. False indicates an alert only when the aggregated value exceeds threshold.
aggregationMethod string Possible values: ‘or’ / ‘and’. The value ‘or’ means an alert is sent when at least one metric value exceeds threshold. The value ‘and’ means an alert is sent when all metric values are exceed threshold.
external boolean Indicates whether this alert is for a private cloud or public cloud. For AWS and Azure SSG scaling recommendation rules, the value should be ‘true’. For all other rules, the value should be ‘false’.
nestedRules array_of_objects A list of Metric’s Configurations Properties.
     alertTypeId string A unique ID for this alert.
     alertRuleType string Represents the alert’s class. May be ‘nested-metric’ or ‘metric’ at this context.
     warningThreshold number A threshold on the statistics for generating a warning alert.
     errorThreshold number A threshold on the statistics for generating an error alert.
     observation number The time used to calculate the average metric value that is compared to the thresholds. This field is used to calculate security alerts.
     referenceObservation number The ‘normal’ time to use as a reference for the alerts calculation. This field is used for security alerts calculation.
     errorDelta number The required change in value, in percentage. This field is used for security alerts calculation.
     unit string The units used for this metric’s value and thresholds.
     operator string Specifies which operator is used to trigger the event. This may be either ‘greather-than’ or ‘less-than’.
     enabled boolean True if the rule is enabled.
alertRuleReferences array_of_objects A list of references to other alert rules.
     name string The name of an alert rule name being referenced.
     link string The alert rule uri of the alert that is being referenced.
     filter object  
          field string  
          value string  
applicationReferences array_of_objects A list of application references for which the current alert rule applies.
     name string Name of the application.
     link string The uri of the application.
     filter object  
          field string  
          value string  
deviceReferences array_of_objects A list of device references for which the current alert rule applies.
     name string Hostname of the device.
     link string The uri of the device.
     filter object  
          field string  
          value string  
ssgReferences array_of_objects A list of Service Scaling Group (SSG) references for which the current alert rule applies.
     name string Name of the SSG.
     link string The uri of the SSG.
     filter object  
          field string  
          value string  
deviceGroupReferences array_of_objects  
     name string  
     link string  
     filter object  
          field string  
          value string  
alertRuleType string Type of alert rule. This can be either ‘metric’ or ‘aggregated’.
warningThreshold number Warning threshold for asm security rule only: alertTypeId = ‘asm-bad-traffic-growth’, ‘asm-blocking-valid-traffic’, ‘asm-successful-attacks’
errorThreshold number Error threshold for asm security rule only: alertTypeId = ‘asm-bad-traffic-growth’, ‘asm-blocking-valid-traffic’, ‘asm-successful-attacks’
unit string Unit used for asm security rule only: alertTypeId = ‘asm-bad-traffic-growth’, ‘asm-blocking-valid-traffic’, ‘asm-successful-attacks’
operator string Operator used for asm security rule only: alertTypeId = ‘asm-bad-traffic-growth’, ‘asm-blocking-valid-traffic’, ‘asm-successful-attacks’
observation number The time used to calculate the average metric value to compare with the thresholds. This is used for asm security rule only: alertTypeId = ‘asm-bad-traffic-growth’, ‘asm-blocking-valid-traffic’, ‘asm-successful-attacks’
referenceObservation number The ‘normal’ time to use as a reference for the alerts calculation. This is used for asm security rule only: alertTypeId = ‘asm-bad-traffic-growth’, ‘asm-blocking-valid-traffic’, ‘asm-successful-attacks’
errorDelta number The required change in value, in percentage. This is used for asm security rule only: alertTypeId = ‘asm-bad-traffic-growth’, ‘asm-blocking-valid-traffic’, ‘asm-successful-attacks’
enabled boolean Is the alert rule enabled? This is used for asm security rule only: alertTypeId = ‘asm-bad-traffic-growth’, ‘asm-blocking-valid-traffic’, ‘asm-successful-attacks’
isPublic boolean For internal use. All Scale-out, Scale-in and SSG health status rules must set isPublic = false.

Permissions

Role Allow
Application_Editor Yes
Application_Viewer Yes
Application_Manager Yes

POST /mgmt/cm/shared/policymgmt/alert-rules

Request Parameters

Name Type Required Description
name string False A unique ID for this alert rule.
description string False Description of the alert rule.
alertTypeId string False This field uniquely identifies the type of the alert.
isDefault boolean False Is this a default alert rule?
producerType string False Type of agent generating this alert. Possible values: device or application.
alertType string False Is this a state-full or a stateless alert. ‘active’ indicates an alert with a state.
alertContext string False Categorize the context of the alert.
includeInternalAlerts boolean False True indicates a separate alert generated for each contained metric. False indicates an alert only when the aggregated value exceeds threshold.
aggregationMethod string False Possible values: ‘or’ / ‘and’. The value ‘or’ means an alert is sent when at least one metric value exceeds threshold. The value ‘and’ means an alert is sent when all metric values are exceed threshold.
external boolean False Used to identify if this is for a private cloud or public cloud. For AWS and Azure SSG scaling recommendation rules, the value should be ‘true’. For all other rules, the value should be ‘false’.
nestedRules array_of_objects False A list of Metric’s Configurations Properties.
     alertTypeId string False A unique ID for this alert.
     alertRuleType string False Represents the alert’s class. May be ‘nested-metric’ or ‘metric’ at this context.
     warningThreshold number False A threshold on the statistics for generating a warning alert.
     errorThreshold number False A threshold on the statistics for generating an error alert.
     observation number False The time used to calculate the average metric value that is compared to the thresholds. This field is used to calculate security alerts.
     referenceObservation number False The ‘normal’ values time to use as a reference for the alerts calculation. This field is used for security alerts calculation.
     errorDelta number False The required change in value, in percentage. This field is used for security alerts calculation.
     unit string False The units used for this metric’s value and thresholds.
     operator string False Specifies which operator is used to trigger the event. This may be either ‘greather-than’ or ‘less-than’.
     enabled boolean False True if the rule is enabled.
alertRuleReferences array_of_objects False A list of references to other alert rules.
     name string False Alert rule name that is being referenced.
     link string False The alert rule uri of the alert that is being referenced.
     filter object False  
          field string False  
          value string False  
applicationReferences array_of_objects False A list of application references for which the current alert rule applies.
     name string False Name of the application.
     link string False The uri of the application.
     filter object False  
          field string False  
          value string False  
deviceReferences array_of_objects False A list of device references for which the current alert rule applies.
     name string False Hostname of the device.
     link string False The uri of the device.
     filter object False  
          field string False  
          value string False  
ssgReferences array_of_objects False A list of SSG references for which the current alert rule applies.
     name string False Name of the SSG.
     link string False The uri of the SSG.
     filter object False  
          field string False  
          value string False  
deviceGroupReferences array_of_objects False  
     name string False  
     link string False  
     filter object False  
          field string False  
          value string False  
alertRuleType string False Type of alert rule. This can be either ‘metric’ or ‘aggregated’.
warningThreshold number False Warning threshold for asm security rule only: alertTypeId = ‘asm-bad-traffic-growth’, ‘asm-blocking-valid-traffic’, ‘asm-successful-attacks’
errorThreshold number False Error threshold for asm security rule only: alertTypeId = ‘asm-bad-traffic-growth’, ‘asm-blocking-valid-traffic’, ‘asm-successful-attacks’
unit string False Unit used for asm security rule only: alertTypeId = ‘asm-bad-traffic-growth’, ‘asm-blocking-valid-traffic’, ‘asm-successful-attacks’
operator string False Operator used for asm security rule only: alertTypeId = ‘asm-bad-traffic-growth’, ‘asm-blocking-valid-traffic’, ‘asm-successful-attacks’
observation number False The time that we use in order to calculate the average metric value to compare with the defined threshold(s). This is used for asm security rule only: alertTypeId = ‘asm-bad-traffic-growth’, ‘asm-blocking-valid-traffic’, ‘asm-successful-attacks’
referenceObservation number False The ‘normal’ values time to use as a reference for the alerts calculation. This is used for asm security rule only: alertTypeId = ‘asm-bad-traffic-growth’, ‘asm-blocking-valid-traffic’, ‘asm-successful-attacks’
errorDelta number False The required value change, in percentage. This is used for asm security rule only: alertTypeId = ‘asm-bad-traffic-growth’, ‘asm-blocking-valid-traffic’, ‘asm-successful-attacks’
enabled boolean False Is the alert rule enabled? This is used for asm security rule only: alertTypeId = ‘asm-bad-traffic-growth’, ‘asm-blocking-valid-traffic’, ‘asm-successful-attacks’
isPublic boolean False For internal use. All Scale-out, Scale-in and SSG health status rules must set isPublic = false.

Query Parameters

None

Response

HTTP/1.1 200 OK

Name Type Description
name string A unique ID for this alert rule
description string Description of the alert rule
alertTypeId string This field uniquely identifies the type of alert.
isDefault boolean Is this a default alert rule?
producerType string Who generates this alert, device or application
alertType string Is this a stateful or a stateless alert. ‘active’ indicates an alert with a state
alertContext string Categorize the context of the alert
includeInternalAlerts boolean True indicates a separate alert generated for each contained metric. False indicates an alert only when the aggregated value exceeds threshold.
aggregationMethod string Possible values: ‘or’ / ‘and’. The value ‘or’ means an alert is sent when at least one metric value exceeds threshold. The value ‘and’ means an alert is sent when all metric values are exceed threshold.
external boolean Used to identify if this is for a private cloud or public cloud. For AWS and Azure SSG scaling recommendation rules, the value should be ‘true’. For all other rules, the value should be ‘false’.
nestedRules array_of_objects A list of Metric’s Configurations Properties.
     alertTypeId string A unique ID for this alert.
     alertRuleType string Represents the alert’s class. May be ‘nested-metric’ or ‘metric’ at this context.
     warningThreshold number A threshold on the statistics for generating a warning alert.
     errorThreshold number A threshold on the statistics for generating an error alert.
     observation number The time used to calculate the average metric value that is compared to the thresholds. This field is used to calculate security alerts.
     referenceObservation number The ‘normal’ values time to use as a reference for the alerts calculation. This field is used for security alerts calculation.
     errorDelta number The required change in value, in percentage. This field is used for security alerts calculation.
     unit string The units used for this metric’s value and thresholds.
     operator string Specifies which operator is used to trigger the event. This may be either ‘greather-than’ or ‘less-than’.
     enabled boolean True if the rule is enabled.
alertRuleReferences array_of_objects A list of references to other alert rules.
     name string Alert rule name that is being referenced.
     link string The alert rule uri of the alert that is being referenced.
     filter object  
          field string  
          value string  
applicationReferences array_of_objects A list of application references for which the current alert rule applies.
     name string Name of the application.
     link string The uri of the application.
     filter object  
          field string  
          value string  
deviceReferences array_of_objects A list of device references for which the current alert rule applies.
     name string Hostname of the device.
     link string The uri of the device.
     filter object  
          field string  
          value string  
ssgReferences array_of_objects A list of SSG references for which the current alert rule applies.
     name string Name of the SSG.
     link string The uri of the SSG.
     filter object  
          field string  
          value string  
deviceGroupReferences array_of_objects  
     name string  
     link string  
     filter object  
          field string  
          value string  
alertRuleType string Type of alert rule. This can be either ‘metric’ or ‘aggregated’.
warningThreshold number Warning threshold for asm security rule only: alertTypeId = ‘asm-bad-traffic-growth’, ‘asm-blocking-valid-traffic’, ‘asm-successful-attacks’
errorThreshold number Error threshold for asm security rule only: alertTypeId = ‘asm-bad-traffic-growth’, ‘asm-blocking-valid-traffic’, ‘asm-successful-attacks’
unit string Unit used for asm security rule only: alertTypeId = ‘asm-bad-traffic-growth’, ‘asm-blocking-valid-traffic’, ‘asm-successful-attacks’
operator string Operator used for asm security rule only: alertTypeId = ‘asm-bad-traffic-growth’, ‘asm-blocking-valid-traffic’, ‘asm-successful-attacks’
observation number The time that we use in order to calculate the average metric value to compare with the defined threshold(s). This is used for asm security rule only: alertTypeId = ‘asm-bad-traffic-growth’, ‘asm-blocking-valid-traffic’, ‘asm-successful-attacks’
referenceObservation number The ‘normal’ values time to use as a reference for the alerts calculation. This is used for asm security rule only: alertTypeId = ‘asm-bad-traffic-growth’, ‘asm-blocking-valid-traffic’, ‘asm-successful-attacks’
errorDelta number The required value change, in percentage. This is used for asm security rule only: alertTypeId = ‘asm-bad-traffic-growth’, ‘asm-blocking-valid-traffic’, ‘asm-successful-attacks’
enabled boolean Is the alert rule enabled? This is used for asm security rule only: alertTypeId = ‘asm-bad-traffic-growth’, ‘asm-blocking-valid-traffic’, ‘asm-successful-attacks’
isPublic boolean For internal use. All Scale-out, Scale-in and SSG health status rules must set isPublic = false.

Permissions

Role Allow
Application_Editor No
Application_Viewer No
Application_Manager No

PATCH /mgmt/cm/shared/policymgmt/alert-rules/<name>

Request Parameters

Name Type Required Description
description string False Description of the alert rule
alertTypeId string False This field uniquely identifies the type of alert.
isDefault boolean False Is this a default alert rule?
producerType string False Who generates this alert, device or application
alertType string False Is this a stateful or a stateless alert. ‘active’ indicates an alert with a state
alertContext string False Categorize the context of the alert
includeInternalAlerts boolean False True indicates a separate alert generated for each contained metric. False indicates an alert only when the aggregated value exceeds threshold.
aggregationMethod string False Possible values: ‘or’ / ‘and’. The value ‘or’ means an alert is sent when at least one metric value exceeds threshold. The value ‘and’ means an alert is sent when all metric values are exceed threshold.
external boolean False Used to identify if this is for a private cloud or public cloud. For AWS and Azure SSG scaling recommendation rules, the value should be ‘true’. For all other rules, the value should be ‘false’.
nestedRules array_of_objects False A list of Metric’s Configurations Properties.
     alertTypeId string False A unique ID for this alert.
     alertRuleType string False Represents the alert’s class. May be ‘nested-metric’ or ‘metric’ at this context.
     warningThreshold number False A threshold on the statistics for generating a warning alert.
     errorThreshold number False A threshold on the statistics for generating an error alert.
     observation number False The time used to calculate the average metric value that is compared to the thresholds. This field is used to calculate security alerts.
     referenceObservation number False The ‘normal’ values time to use as a reference for the alerts calculation. This field is used for security alerts calculation.
     errorDelta number False The required change in value, in percentage. This field is used for security alerts calculation.
     unit string False The units used for this metric’s value and thresholds.
     operator string False Specifies which operator is used to trigger the event. This may be either ‘greather-than’ or ‘less-than’.
     enabled boolean False True if the rule is enabled.
alertRuleReferences array_of_objects False A list of references to other alert rules.
     name string False Alert rule name that is being referenced.
     link string False The alert rule uri of the alert that is being referenced.
     filter object False  
          field string False  
          value string False  
applicationReferences array_of_objects False A list of application references for which the current alert rule applies.
     name string False Name of the application.
     link string False The uri of the application.
     filter object False  
          field string False  
          value string False  
deviceReferences array_of_objects False A list of device references for which the current alert rule applies.
     name string False Hostname of the device.
     link string False The uri of the device.
     filter object False  
          field string False  
          value string False  
ssgReferences array_of_objects False A list of SSG references for which the current alert rule applies.
     name string False Name of the SSG.
     link string False The uri of the SSG.
     filter object False  
          field string False  
          value string False  
deviceGroupReferences array_of_objects False  
     name string False  
     link string False  
     filter object False  
          field string False  
          value string False  
alertRuleType string False Type of alert rule. This can be either ‘metric’ or ‘aggregated’.
warningThreshold number False Warning threshold for asm security rule only: alertTypeId = ‘asm-bad-traffic-growth’, ‘asm-blocking-valid-traffic’, ‘asm-successful-attacks’
errorThreshold number False Error threshold for asm security rule only: alertTypeId = ‘asm-bad-traffic-growth’, ‘asm-blocking-valid-traffic’, ‘asm-successful-attacks’
unit string False Unit used for asm security rule only: alertTypeId = ‘asm-bad-traffic-growth’, ‘asm-blocking-valid-traffic’, ‘asm-successful-attacks’
operator string False Operator used for asm security rule only: alertTypeId = ‘asm-bad-traffic-growth’, ‘asm-blocking-valid-traffic’, ‘asm-successful-attacks’
observation number False The time that we use in order to calculate the average metric value to compare with the defined threshold(s). This is used for asm security rule only: alertTypeId = ‘asm-bad-traffic-growth’, ‘asm-blocking-valid-traffic’, ‘asm-successful-attacks’
referenceObservation number False The ‘normal’ values time to use as a reference for the alerts calculation. This is used for asm security rule only: alertTypeId = ‘asm-bad-traffic-growth’, ‘asm-blocking-valid-traffic’, ‘asm-successful-attacks’
errorDelta number False The required value change, in percentage. This is used for asm security rule only: alertTypeId = ‘asm-bad-traffic-growth’, ‘asm-blocking-valid-traffic’, ‘asm-successful-attacks’
enabled boolean False Is the alert rule enabled? This is used for asm security rule only: alertTypeId = ‘asm-bad-traffic-growth’, ‘asm-blocking-valid-traffic’, ‘asm-successful-attacks’
isPublic boolean False For internal use. All Scale-out, Scale-in and SSG health status rules must set isPublic = false.

Query Parameters

None

Response

HTTP/1.1 200 OK

Name Type Description
name string A unique ID for this alert rule.
description string Description of the alert rule
alertTypeId string This field uniquely identifies the type of alert.
isDefault boolean Is this a default alert rule?
producerType string Who generates this alert, device or application
alertType string Is this a stateful or a stateless alert. ‘active’ indicates an alert with a state
alertContext string Categorize the context of the alert
includeInternalAlerts boolean True indicates a separate alert generated for each contained metric. False indicates an alert only when the aggregated value exceeds threshold.
aggregationMethod string Possible values: ‘or’ / ‘and’. The value ‘or’ means an alert is sent when at least one metric value exceeds threshold. The value ‘and’ means an alert is sent when all metric values are exceed threshold.
external boolean Used to identify if this is for a private cloud or public cloud. For AWS and Azure SSG scaling recommendation rules, the value should be ‘true’. For all other rules, the value should be ‘false’.
nestedRules array_of_objects A list of Metric’s Configurations Properties.
     alertTypeId string A unique ID for this alert.
     alertRuleType string Represents the alert’s class. May be ‘nested-metric’ or ‘metric’ at this context.
     warningThreshold number A threshold on the statistics for generating a warning alert.
     errorThreshold number A threshold on the statistics for generating an error alert.
     observation number The time used to calculate the average metric value that is compared to the thresholds. This field is used to calculate security alerts.
     referenceObservation number The ‘normal’ values time to use as a reference for the alerts calculation. This field is used for security alerts calculation.
     errorDelta number The required change in value, in percentage. This field is used for security alerts calculation.
     unit string The units used for this metric’s value and thresholds.
     operator string Specifies which operator is used to trigger the event. This may be either ‘greather-than’ or ‘less-than’.
     enabled boolean True if the rule is enabled.
alertRuleReferences array_of_objects A list of references to other alert rules.
     name string Alert rule name that is being referenced.
     link string The alert rule uri of the alert that is being referenced.
     filter object  
          field string  
          value string  
applicationReferences array_of_objects A list of application references for which the current alert rule applies.
     name string Name of the application.
     link string The uri of the application.
     filter object  
          field string  
          value string  
deviceReferences array_of_objects A list of device references for which the current alert rule applies.
     name string Hostname of the device.
     link string The uri of the device.
     filter object  
          field string  
          value string  
ssgReferences array_of_objects A list of SSG references for which the current alert rule applies.
     name string Name of the SSG.
     link string The uri of the SSG.
     filter object  
          field string  
          value string  
deviceGroupReferences array_of_objects  
     name string  
     link string  
     filter object  
          field string  
          value string  
alertRuleType string Type of alert rule. This can be either ‘metric’ or ‘aggregated’.
warningThreshold number Warning threshold for asm security rule only: alertTypeId = ‘asm-bad-traffic-growth’, ‘asm-blocking-valid-traffic’, ‘asm-successful-attacks’
errorThreshold number Error threshold for asm security rule only: alertTypeId = ‘asm-bad-traffic-growth’, ‘asm-blocking-valid-traffic’, ‘asm-successful-attacks’
unit string Unit used for asm security rule only: alertTypeId = ‘asm-bad-traffic-growth’, ‘asm-blocking-valid-traffic’, ‘asm-successful-attacks’
operator string Operator used for asm security rule only: alertTypeId = ‘asm-bad-traffic-growth’, ‘asm-blocking-valid-traffic’, ‘asm-successful-attacks’
observation number The time that we use in order to calculate the average metric value to compare with the defined threshold(s). This is used for asm security rule only: alertTypeId = ‘asm-bad-traffic-growth’, ‘asm-blocking-valid-traffic’, ‘asm-successful-attacks’
referenceObservation number The ‘normal’ values time to use as a reference for the alerts calculation. This is used for asm security rule only: alertTypeId = ‘asm-bad-traffic-growth’, ‘asm-blocking-valid-traffic’, ‘asm-successful-attacks’
errorDelta number The required value change, in percentage. This is used for asm security rule only: alertTypeId = ‘asm-bad-traffic-growth’, ‘asm-blocking-valid-traffic’, ‘asm-successful-attacks’
enabled boolean Is the alert rule enabled? This is used for asm security rule only: alertTypeId = ‘asm-bad-traffic-growth’, ‘asm-blocking-valid-traffic’, ‘asm-successful-attacks’
isPublic boolean For internal use. All Scale-out, Scale-in and SSG health status rules must set isPublic = false.

Permissions

Role Allow
Application_Editor Yes
Application_Viewer No
Application_Manager No

DELETE /mgmt/cm/shared/policymgmt/alert-rules/<name>

Request Parameters

None

Query Parameters

None

Response

HTTP/1.1 200 OK

Name Type Description
name string A unique ID for this alert rule.
description string Description of the alert rule
alertTypeId string This field uniquely identifies the type of alert.
isDefault boolean Is this a default alert rule?
producerType string Who generates this alert, device or application
alertType string Is this a stateful or a stateless alert. ‘active’ indicates an alert with a state
alertContext string Categorize the context of the alert
includeInternalAlerts boolean True indicates a separate alert generated for each contained metric. False indicates an alert only when the aggregated value exceeds threshold.
aggregationMethod string Possible values: ‘or’ / ‘and’. The value ‘or’ means an alert is sent when at least one metric value exceeds threshold. The value ‘and’ means an alert is sent when all metric values are exceed threshold.
external boolean Used to identify if this is for a private cloud or public cloud. For AWS and Azure SSG scaling recommendation rules, the value should be ‘true’. For all other rules, the value should be ‘false’.
nestedRules array_of_objects A list of Metric’s Configurations Properties.
     alertTypeId string A unique ID for this alert.
     alertRuleType string Represents the alert’s class. May be ‘nested-metric’ or ‘metric’ at this context.
     warningThreshold number A threshold on the statistics for generating a warning alert.
     errorThreshold number A threshold on the statistics for generating an error alert.
     observation number The time used to calculate the average metric value that is compared to the thresholds. This field is used to calculate security alerts.
     referenceObservation number The ‘normal’ values time to use as a reference for the alerts calculation. This field is used for security alerts calculation.
     errorDelta number The required change in value, in percentage. This field is used for security alerts calculation.
     unit string The units used for this metric’s value and thresholds.
     operator string Specifies which operator is used to trigger the event. This may be either ‘greather-than’ or ‘less-than’.
     enabled boolean True if the rule is enabled.
alertRuleReferences array_of_objects A list of references to other alert rules.
     name string Alert rule name that is being referenced.
     link string The alert rule uri of the alert that is being referenced.
     filter object  
          field string  
          value string  
applicationReferences array_of_objects A list of application references for which the current alert rule applies.
     name string Name of the application.
     link string The uri of the application.
     filter object  
          field string  
          value string  
deviceReferences array_of_objects A list of device references for which the current alert rule applies.
     name string Hostname of the device.
     link string The uri of the device.
     filter object  
          field string  
          value string  
ssgReferences array_of_objects A list of SSG references for which the current alert rule applies.
     name string Name of the SSG.
     link string The uri of the SSG.
     filter object  
          field string  
          value string  
deviceGroupReferences array_of_objects  
     name string  
     link string  
     filter object  
          field string  
          value string  
alertRuleType string Type of alert rule. This can be either ‘metric’ or ‘aggregated’.
warningThreshold number Warning threshold for asm security rule only: alertTypeId = ‘asm-bad-traffic-growth’, ‘asm-blocking-valid-traffic’, ‘asm-successful-attacks’
errorThreshold number Error threshold for asm security rule only: alertTypeId = ‘asm-bad-traffic-growth’, ‘asm-blocking-valid-traffic’, ‘asm-successful-attacks’
unit string Unit used for asm security rule only: alertTypeId = ‘asm-bad-traffic-growth’, ‘asm-blocking-valid-traffic’, ‘asm-successful-attacks’
operator string Operator used for asm security rule only: alertTypeId = ‘asm-bad-traffic-growth’, ‘asm-blocking-valid-traffic’, ‘asm-successful-attacks’
observation number The time that we use in order to calculate the average metric value to compare with the defined threshold(s). This is used for asm security rule only: alertTypeId = ‘asm-bad-traffic-growth’, ‘asm-blocking-valid-traffic’, ‘asm-successful-attacks’
referenceObservation number The ‘normal’ values time to use as a reference for the alerts calculation. This is used for asm security rule only: alertTypeId = ‘asm-bad-traffic-growth’, ‘asm-blocking-valid-traffic’, ‘asm-successful-attacks’
errorDelta number The required value change, in percentage. This is used for asm security rule only: alertTypeId = ‘asm-bad-traffic-growth’, ‘asm-blocking-valid-traffic’, ‘asm-successful-attacks’
enabled boolean Is the alert rule enabled? This is used for asm security rule only: alertTypeId = ‘asm-bad-traffic-growth’, ‘asm-blocking-valid-traffic’, ‘asm-successful-attacks’
isPublic boolean For internal use. All Scale-out, Scale-in and SSG health status rules must set isPublic = false.

Permissions

Role Allow
Application_Editor No
Application_Viewer No
Application_Manager No

Examples

List an alert rule

GET /mgmt/cm/shared/policymgmt/alert-rules/<name>

Response

HTTP/1.1 200 OK
{
    "name": "my-device-health-rule",
    "description": "Device health rules for devices in Data Center 1",
    "alertTypeId": "device-health",
    "isDefault": false,
    "producerType": "device",
    "alertType": "active",
    "alertContext": "health",
    "includeInternalAlerts": true,
    "aggregationMethod": "or",
    "external": false,
    "nestedRules": [{
        "alertTypeId": "device-cpu",
        "alertRuleType": "nested-metric",
        "warningThreshold": 60,
        "errorThreshold": 80,
        "observation": 1440,
        "referenceObservation": 10080,
        "errorDelta": 3,
        "unit": "percent",
        "operator": "greater-than",
        "enabled": true
    }],
    "alertRuleReferences": [{
        "name": "custom-health-rule-dc2",
        "link": "https://localhost/mgmt/cm/shared/policymgmt/alert-rules/custom-health-rule-dc2",
        "filter": {
            "field": No example value specified,
            "value": No example value specified
        }
    }],
    "applicationReferences": [{
        "name": "app1",
        "link": "https://configuration/app1",
        "filter": {
            "field": No example value specified,
            "value": No example value specified
        }
    }],
    "deviceReferences": [{
        "name": "bigip1.mgmt.foo.bar.com",
        "link": "https://configuration/device/uri",
        "filter": {
            "field": No example value specified,
            "value": No example value specified
        }
    }],
    "ssgReferences": [{
        "name": "ssg1",
        "link": "https://localhost/mgmt/cm/cloud/service-scaling-groups/9aa32232-2d42-4df3-4d33-sdc2313454fb",
        "filter": {
            "field": No example value specified,
            "value": No example value specified
        }
    }],
    "deviceGroupReferences": [{
        "name": No example value specified,
        "link": No example value specified,
        "filter": {
            "field": No example value specified,
            "value": No example value specified
        }
    }],
    "alertRuleType": "metric",
    "warningThreshold": -1.0,
    "errorThreshold": 0.1,
    "unit": "percent",
    "operator": "greater-than",
    "observation": 1440,
    "referenceObservation": 10080,
    "errorDelta": 3,
    "enabled": true,
    "isPublic": true
}

List all alert rules

GET /mgmt/cm/shared/policymgmt/alert-rules

Response

HTTP/1.1 200 OK
{
    "name": "my-device-health-rule",
    "description": "Device health rules for devices in Data Center 1",
    "alertTypeId": "device-health",
    "isDefault": false,
    "producerType": "device",
    "alertType": "active",
    "alertContext": "health",
    "includeInternalAlerts": true,
    "aggregationMethod": "or",
    "external": false,
    "nestedRules": [{
        "alertTypeId": "device-cpu",
        "alertRuleType": "nested-metric",
        "warningThreshold": 60,
        "errorThreshold": 80,
        "observation": 1440,
        "referenceObservation": 10080,
        "errorDelta": 3,
        "unit": "percent",
        "operator": "greater-than",
        "enabled": true
    }],
    "alertRuleReferences": [{
        "name": "custom-health-rule-dc2",
        "link": "https://localhost/mgmt/cm/shared/policymgmt/alert-rules/custom-health-rule-dc2",
        "filter": {
            "field": No example value specified,
            "value": No example value specified
        }
    }],
    "applicationReferences": [{
        "name": "app1",
        "link": "https://configuration/app1",
        "filter": {
            "field": No example value specified,
            "value": No example value specified
        }
    }],
    "deviceReferences": [{
        "name": "bigip1.mgmt.foo.bar.com",
        "link": "https://configuration/device/uri",
        "filter": {
            "field": No example value specified,
            "value": No example value specified
        }
    }],
    "ssgReferences": [{
        "name": "ssg1",
        "link": "https://localhost/mgmt/cm/cloud/service-scaling-groups/9aa32232-2d42-4df3-4d33-sdc2313454fb",
        "filter": {
            "field": No example value specified,
            "value": No example value specified
        }
    }],
    "deviceGroupReferences": [{
        "name": No example value specified,
        "link": No example value specified,
        "filter": {
            "field": No example value specified,
            "value": No example value specified
        }
    }],
    "alertRuleType": "metric",
    "warningThreshold": -1.0,
    "errorThreshold": 0.1,
    "unit": "percent",
    "operator": "greater-than",
    "observation": 1440,
    "referenceObservation": 10080,
    "errorDelta": 3,
    "enabled": true,
    "isPublic": true
}

Create an alert rules

POST /mgmt/cm/shared/policymgmt/alert-rules
{
    "name": "my-device-health-rule",
    "description": "Device health rules for devices in Data Center 1",
    "alertTypeId": "device-health",
    "isDefault": false,
    "producerType": "device",
    "alertType": "active",
    "alertContext": "health",
    "includeInternalAlerts": true,
    "aggregationMethod": "or",
    "external": false,
    "nestedRules": [{
        "alertTypeId": "device-cpu",
        "alertRuleType": "nested-metric",
        "warningThreshold": 60,
        "errorThreshold": 80,
        "observation": 1440,
        "referenceObservation": 10080,
        "errorDelta": 3,
        "unit": "percent",
        "operator": "greater-than",
        "enabled": true
    }],
    "alertRuleReferences": [{
        "name": "custom-health-rule-dc2",
        "link": "https://localhost/mgmt/cm/shared/policymgmt/alert-rules/custom-health-rule-dc2",
        "filter": {
            "field": No example value specified,
            "value": No example value specified
        }
    }],
    "applicationReferences": [{
        "name": "app1",
        "link": "https://configuration/app1",
        "filter": {
            "field": No example value specified,
            "value": No example value specified
        }
    }],
    "deviceReferences": [{
        "name": "bigip1.mgmt.foo.bar.com",
        "link": "https://configuration/device/uri",
        "filter": {
            "field": No example value specified,
            "value": No example value specified
        }
    }],
    "ssgReferences": [{
        "name": "ssg1",
        "link": "https://localhost/mgmt/cm/cloud/service-scaling-groups/9aa32232-2d42-4df3-4d33-sdc2313454fb",
        "filter": {
            "field": No example value specified,
            "value": No example value specified
        }
    }],
    "deviceGroupReferences": [{
        "name": No example value specified,
        "link": No example value specified,
        "filter": {
            "field": No example value specified,
            "value": No example value specified
        }
    }],
    "alertRuleType": "metric",
    "warningThreshold": -1.0,
    "errorThreshold": 0.1,
    "unit": "percent",
    "operator": "greater-than",
    "observation": 1440,
    "referenceObservation": 10080,
    "errorDelta": 3,
    "enabled": true,
    "isPublic": true
}

Response

HTTP/1.1 200 OK
{
    "name": "my-device-health-rule",
    "description": "Device health rules for devices in Data Center 1",
    "alertTypeId": "device-health",
    "isDefault": false,
    "producerType": "device",
    "alertType": "active",
    "alertContext": "health",
    "includeInternalAlerts": true,
    "aggregationMethod": "or",
    "external": false,
    "nestedRules": [{
        "alertTypeId": "device-cpu",
        "alertRuleType": "nested-metric",
        "warningThreshold": 60,
        "errorThreshold": 80,
        "observation": 1440,
        "referenceObservation": 10080,
        "errorDelta": 3,
        "unit": "percent",
        "operator": "greater-than",
        "enabled": true
    }],
    "alertRuleReferences": [{
        "name": "custom-health-rule-dc2",
        "link": "https://localhost/mgmt/cm/shared/policymgmt/alert-rules/custom-health-rule-dc2",
        "filter": {
            "field": No example value specified,
            "value": No example value specified
        }
    }],
    "applicationReferences": [{
        "name": "app1",
        "link": "https://configuration/app1",
        "filter": {
            "field": No example value specified,
            "value": No example value specified
        }
    }],
    "deviceReferences": [{
        "name": "bigip1.mgmt.foo.bar.com",
        "link": "https://configuration/device/uri",
        "filter": {
            "field": No example value specified,
            "value": No example value specified
        }
    }],
    "ssgReferences": [{
        "name": "ssg1",
        "link": "https://localhost/mgmt/cm/cloud/service-scaling-groups/9aa32232-2d42-4df3-4d33-sdc2313454fb",
        "filter": {
            "field": No example value specified,
            "value": No example value specified
        }
    }],
    "deviceGroupReferences": [{
        "name": No example value specified,
        "link": No example value specified,
        "filter": {
            "field": No example value specified,
            "value": No example value specified
        }
    }],
    "alertRuleType": "metric",
    "warningThreshold": -1.0,
    "errorThreshold": 0.1,
    "unit": "percent",
    "operator": "greater-than",
    "observation": 1440,
    "referenceObservation": 10080,
    "errorDelta": 3,
    "enabled": true,
    "isPublic": true
}

Edit an alert rule

PATCH /mgmt/cm/shared/policymgmt/alert-rules/<name>
{
    "description": "Device health rules for devices in Data Center 1",
    "alertTypeId": "device-health",
    "isDefault": false,
    "producerType": "device",
    "alertType": "active",
    "alertContext": "health",
    "includeInternalAlerts": true,
    "aggregationMethod": "or",
    "external": false,
    "nestedRules": [{
        "alertTypeId": "device-cpu",
        "alertRuleType": "nested-metric",
        "warningThreshold": 60,
        "errorThreshold": 80,
        "observation": 1440,
        "referenceObservation": 10080,
        "errorDelta": 3,
        "unit": "percent",
        "operator": "greater-than",
        "enabled": true
    }],
    "alertRuleReferences": [{
        "name": "custom-health-rule-dc2",
        "link": "https://localhost/mgmt/cm/shared/policymgmt/alert-rules/custom-health-rule-dc2",
        "filter": {
            "field": No example value specified,
            "value": No example value specified
        }
    }],
    "applicationReferences": [{
        "name": "app1",
        "link": "https://configuration/app1",
        "filter": {
            "field": No example value specified,
            "value": No example value specified
        }
    }],
    "deviceReferences": [{
        "name": "bigip1.mgmt.foo.bar.com",
        "link": "https://configuration/device/uri",
        "filter": {
            "field": No example value specified,
            "value": No example value specified
        }
    }],
    "ssgReferences": [{
        "name": "ssg1",
        "link": "https://localhost/mgmt/cm/cloud/service-scaling-groups/9aa32232-2d42-4df3-4d33-sdc2313454fb",
        "filter": {
            "field": No example value specified,
            "value": No example value specified
        }
    }],
    "deviceGroupReferences": [{
        "name": No example value specified,
        "link": No example value specified,
        "filter": {
            "field": No example value specified,
            "value": No example value specified
        }
    }],
    "alertRuleType": "metric",
    "warningThreshold": -1.0,
    "errorThreshold": 0.1,
    "unit": "percent",
    "operator": "greater-than",
    "observation": 1440,
    "referenceObservation": 10080,
    "errorDelta": 3,
    "enabled": true,
    "isPublic": true
}

Response

HTTP/1.1 200 OK
{
    "name": "my-device-health-rule",
    "description": "Device health rules for devices in Data Center 1",
    "alertTypeId": "device-health",
    "isDefault": false,
    "producerType": "device",
    "alertType": "active",
    "alertContext": "health",
    "includeInternalAlerts": true,
    "aggregationMethod": "or",
    "external": false,
    "nestedRules": [{
        "alertTypeId": "device-cpu",
        "alertRuleType": "nested-metric",
        "warningThreshold": 60,
        "errorThreshold": 80,
        "observation": 1440,
        "referenceObservation": 10080,
        "errorDelta": 3,
        "unit": "percent",
        "operator": "greater-than",
        "enabled": true
    }],
    "alertRuleReferences": [{
        "name": "custom-health-rule-dc2",
        "link": "https://localhost/mgmt/cm/shared/policymgmt/alert-rules/custom-health-rule-dc2",
        "filter": {
            "field": No example value specified,
            "value": No example value specified
        }
    }],
    "applicationReferences": [{
        "name": "app1",
        "link": "https://configuration/app1",
        "filter": {
            "field": No example value specified,
            "value": No example value specified
        }
    }],
    "deviceReferences": [{
        "name": "bigip1.mgmt.foo.bar.com",
        "link": "https://configuration/device/uri",
        "filter": {
            "field": No example value specified,
            "value": No example value specified
        }
    }],
    "ssgReferences": [{
        "name": "ssg1",
        "link": "https://localhost/mgmt/cm/cloud/service-scaling-groups/9aa32232-2d42-4df3-4d33-sdc2313454fb",
        "filter": {
            "field": No example value specified,
            "value": No example value specified
        }
    }],
    "deviceGroupReferences": [{
        "name": No example value specified,
        "link": No example value specified,
        "filter": {
            "field": No example value specified,
            "value": No example value specified
        }
    }],
    "alertRuleType": "metric",
    "warningThreshold": -1.0,
    "errorThreshold": 0.1,
    "unit": "percent",
    "operator": "greater-than",
    "observation": 1440,
    "referenceObservation": 10080,
    "errorDelta": 3,
    "enabled": true,
    "isPublic": true
}

Delete an alert rules

DELETE /mgmt/cm/shared/policymgmt/alert-rules/<name>

Response

HTTP/1.1 200 OK
{
    "name": "my-device-health-rule",
    "description": "Device health rules for devices in Data Center 1",
    "alertTypeId": "device-health",
    "isDefault": false,
    "producerType": "device",
    "alertType": "active",
    "alertContext": "health",
    "includeInternalAlerts": true,
    "aggregationMethod": "or",
    "external": false,
    "nestedRules": [{
        "alertTypeId": "device-cpu",
        "alertRuleType": "nested-metric",
        "warningThreshold": 60,
        "errorThreshold": 80,
        "observation": 1440,
        "referenceObservation": 10080,
        "errorDelta": 3,
        "unit": "percent",
        "operator": "greater-than",
        "enabled": true
    }],
    "alertRuleReferences": [{
        "name": "custom-health-rule-dc2",
        "link": "https://localhost/mgmt/cm/shared/policymgmt/alert-rules/custom-health-rule-dc2",
        "filter": {
            "field": No example value specified,
            "value": No example value specified
        }
    }],
    "applicationReferences": [{
        "name": "app1",
        "link": "https://configuration/app1",
        "filter": {
            "field": No example value specified,
            "value": No example value specified
        }
    }],
    "deviceReferences": [{
        "name": "bigip1.mgmt.foo.bar.com",
        "link": "https://configuration/device/uri",
        "filter": {
            "field": No example value specified,
            "value": No example value specified
        }
    }],
    "ssgReferences": [{
        "name": "ssg1",
        "link": "https://localhost/mgmt/cm/cloud/service-scaling-groups/9aa32232-2d42-4df3-4d33-sdc2313454fb",
        "filter": {
            "field": No example value specified,
            "value": No example value specified
        }
    }],
    "deviceGroupReferences": [{
        "name": No example value specified,
        "link": No example value specified,
        "filter": {
            "field": No example value specified,
            "value": No example value specified
        }
    }],
    "alertRuleType": "metric",
    "warningThreshold": -1.0,
    "errorThreshold": 0.1,
    "unit": "percent",
    "operator": "greater-than",
    "observation": 1440,
    "referenceObservation": 10080,
    "errorDelta": 3,
    "enabled": true,
    "isPublic": true
}