add list_configured_alert_rules

JupiterOne · Aug 29, 2024 · a4d7d9f · a4d7d9f
1 parent 18c6b03
commit a4d7d9f
Show file tree

Hide file tree

Showing 2 changed files with 98 additions and 3 deletions.
diff --git a/jupiterone/client.py b/jupiterone/client.py
@@ -35,6 +35,7 @@
     CREATE_SMARTCLASS_QUERY,
     EVALUATE_SMARTCLASS,
     GET_SMARTCLASS_DETAILS,
+    LIST_RULE_INSTANCES
 )
 
 
@@ -518,7 +519,7 @@ def finalize_sync_job(self, instance_job_id: str = None):
         response = self._execute_syncapi_request(endpoint=endpoint, payload=data)
 
         return response
-    
+
     def fetch_integration_jobs(self, instance_id: str = None):
         """Fetch Integration Job details from defined integration instance.
 
@@ -533,7 +534,7 @@ def fetch_integration_jobs(self, instance_id: str = None):
         response = self._execute_query(INTEGRATION_JOB_VALUES, variables=variables)
 
         return response['data']['integrationJobs']
-    
+
     def fetch_integration_job_events(self, instance_id: str = None, instance_job_id: str = None):
         """Fetch events within an integration job run.
 
@@ -619,3 +620,29 @@ def get_smartclass_details(self, smartclass_id: str = None):
         response = self._execute_query(GET_SMARTCLASS_DETAILS, variables=variables)
 
         return response['data']['smartClass']
+
+    def list_configured_alert_rules(self):
+        """List defined Alert Rules configured in J1 account
+
+        """
+
+        variables = {
+                    "limit": 100
+        }
+
+        response = self._execute_query(LIST_RULE_INSTANCES, variables=variables)
+
+        return response['data']['listRuleInstances']
+
+    def list_alert_rules(self):
+        """List defined Alert Rules configured in J1 account
+
+        """
+
+        variables = {
+                    "limit": 100
+        }
+
+        response = self._execute_query(LIST_RULE_INSTANCES, variables=variables)
+
+        return response['data']['listRuleInstances']
diff --git a/jupiterone/constants.py b/jupiterone/constants.py
@@ -300,4 +300,72 @@
         __typename
       }
     }
-"""
+"""
+
+LIST_RULE_INSTANCES = """
+    query listRuleInstances(
+        $limit: Int, 
+        $cursor: String, 
+        $filters: ListRuleInstancesFilters) {
+      listRuleInstances(
+        limit: $limit, 
+        cursor: $cursor, 
+        filters: $filters) {
+        questionInstances {
+          ...RuleInstanceFields
+          __typename
+        }
+        pageInfo {
+          hasNextPage
+          endCursor
+          __typename
+        }
+        __typename
+      }
+    }
+
+    fragment RuleInstanceFields on QuestionRuleInstance {
+      id
+      accountId
+      name
+      description
+      version
+      lastEvaluationStartOn
+      lastEvaluationEndOn
+      evaluationStep
+      specVersion
+      notifyOnFailure
+      triggerActionsOnNewEntitiesOnly
+      pollingInterval
+      templates
+      outputs
+      question {
+        queries {
+          query
+          name
+          version
+          includeDeleted
+          __typename
+        }
+        __typename
+      }
+      questionId
+      latest
+      deleted
+      type
+      operations {
+        when
+        actions
+        __typename
+      }
+      latestAlertId
+      latestAlertIsActive
+      state {
+        actions
+        __typename
+      }
+      tags
+      remediationSteps
+      __typename
+    }
+"""