Commit 5bbd2dd

added documentation for Alerts v6 to the PSC API page
1 parent 371b6d4 commit 5bbd2dd

1 file changed

+92
-0
lines changed

docs/psc-api.rst

Lines changed: 92 additions & 0 deletions
@@ -42,3 +42,95 @@ Selects all devices running Linux from the current organization.
4242
:members:
4343
:undoc-members:
4444

45+
Alerts API
46+
----------
47+
48+
Using the API, you can search for alerts within your organization, and dismiss or
49+
undismiss them, either individually or in bulk.
50+
51+
You can use the select() method on the CbPSCBaseAPI to create a query object for
52+
BaseAlert objects, which can be used to locate a list of alerts. You can also
53+
search for more specialized alert types:
54+
55+
* CBAnalyticsAlert - Alerts from CB Analytics
56+
* VMwareAlert - Alerts from VMware
57+
* WatchlistAlert - Alerts from watch lists
58+
59+
*Example:*
60+
61+
>>> cbapi = CbPSCBaseAPI(...)
62+
>>> alerts = cbapi.select(BaseAlert).device_os(["WINDOWS"]).process_name(["IEXPLORE.EXE"])
63+
64+
Selects all alerts on a Windows device running the Internet Explorer process.
65+
66+
Individual alerts may have their status changed using the dismiss() or undismiss()
67+
methods on the BaseAlert object. To dismiss multiple alerts at once, you can use
68+
the bulk_alert_dismiss() or bulk_alert_undismiss() methods on the CbPSCBaseAPI
69+
object to set up a query, which you can add criteria to just as with a search
70+
query. When you call the run() method on the query, a WorkflowStatus object is
71+
returned; querying this object's "finished" property will let you know when the
72+
operation is finished.
73+
74+
*Example:*
75+
76+
>>> cbapi = CbPSCBaseAPI(...)
77+
>>> query = cbapi.bulk_alert_dismiss("ALERT").process_name(["IEXPLORE.EXE"])
78+
>>> stat = query.remediation("Using Chrome").run()
79+
80+
Dismisses all alerts which reference the Internet Explorer process.
81+
82+
**Query Objects:**
83+
84+
.. autoclass:: cbapi.psc.query.BaseAlertSearchQuery
85+
:members:
86+
87+
.. autoclass:: cbapi.psc.query.CBAnalyticsAlertSearchQuery
88+
:members:
89+
90+
.. autoclass:: cbapi.psc.query.VMwareAlertSearchQuery
91+
:members:
92+
93+
.. autoclass:: cbapi.psc.query.WatchlistAlertSearchQuery
94+
:members:
95+
96+
.. autoclass:: cbapi.psc.query.BulkUpdateAlerts
97+
:members:
98+
99+
.. autoclass:: cbapi.psc.query.BulkUpdateCBAnalyticsAlerts
100+
:members:
101+
102+
.. autoclass:: cbapi.psc.query.BulkUpdateVMwareAlerts
103+
:members:
104+
105+
.. autoclass:: cbapi.psc.query.BulkUpdateWatchlistAlerts
106+
:members:
107+
108+
.. autoclass:: cbapi.psc.query.BulkUpdateThreatAlerts
109+
:members:
110+
111+
**Model Objects:**
112+
113+
.. autoclass:: cbapi.psc.models.Workflow
114+
:members:
115+
:undoc-members:
116+
117+
.. autoclass:: cbapi.psc.models.BaseAlert
118+
:members:
119+
:undoc-members:
120+
121+
.. autoclass:: cbapi.psc.models.CBAnalyticsAlert
122+
:members:
123+
:undoc-members:
124+
125+
.. autoclass:: cbapi.psc.models.VMwareAlert
126+
:members:
127+
:undoc-members:
128+
129+
.. autoclass:: cbapi.psc.models.WatchlistAlert
130+
:members:
131+
:undoc-members:
132+
133+
.. autoclass:: cbapi.psc.models.WorkflowStatus
134+
:members:
135+
:undoc-members:
136+
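
Review bot: In the bulk-dismiss example (added lines 76-78), the "ALERT" argument to bulk_alert_dismiss() is never explained, and the example stops at run() without reading the "finished" property that the preceding paragraph tells readers to check. Please state what that argument selects and which values it accepts, and extend the example to show stat.finished being checked, since a bulk dismissal matched only on process_name(["IEXPLORE.EXE"]) dismisses every alert that references that process and readers should see how to confirm the operation completed. BulkUpdateThreatAlerts is also listed under Query Objects without any mention in the prose, so a sentence on when it applies would help, and both examples would be easier to reuse if they showed the imports for CbPSCBaseAPI and BaseAlert.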
