From a4d7d9f17f866ce0fbf2d4de30795e74f052747a Mon Sep 17 00:00:00 2001
From: SeaBlooms
Date: Wed, 28 Aug 2024 21:20:16 -0600
Subject: [PATCH] add list_configured_alert_rules
---
 jupiterone/client.py | 31 ++++++++++++++++--
 jupiterone/constants.py | 70 ++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 98 insertions(+), 3 deletions(-)
diff --git a/jupiterone/client.py b/jupiterone/client.py
index a1f2b45..3409315 100644
--- a/jupiterone/client.py
+++ b/jupiterone/client.py
@@ -35,6 +35,7 @@
 CREATE_SMARTCLASS_QUERY,
 EVALUATE_SMARTCLASS,
 GET_SMARTCLASS_DETAILS,
+ LIST_RULE_INSTANCES
 )
@@ -518,7 +519,7 @@ def finalize_sync_job(self, instance_job_id: str = None):
 response = self._execute_syncapi_request(endpoint=endpoint, payload=data)
 return response
-
+
 def fetch_integration_jobs(self, instance_id: str = None):
 """Fetch Integration Job details from defined integration instance.
@@ -533,7 +534,7 @@ def fetch_integration_jobs(self, instance_id: str = None):
 response = self._execute_query(INTEGRATION_JOB_VALUES, variables=variables)
 return response['data']['integrationJobs']
-
+
 def fetch_integration_job_events(self, instance_id: str = None, instance_job_id: str = None):
 """Fetch events within an integration job run.
@@ -619,3 +620,29 @@ def get_smartclass_details(self, smartclass_id: str = None):
 response = self._execute_query(GET_SMARTCLASS_DETAILS, variables=variables)
 return response['data']['smartClass']
+
+ def list_configured_alert_rules(self):
+ """List defined Alert Rules configured in J1 account
+
+ """
+
+ variables = {
+ "limit": 100
+ }
+
+ response = self._execute_query(LIST_RULE_INSTANCES, variables=variables)
+
+ return response['data']['listRuleInstances']
+
+ def list_alert_rules(self):
+ """List defined Alert Rules configured in J1 account
+
+ """
+
+ variables = {
+ "limit": 100
+ }
+
+ response = self._execute_query(LIST_RULE_INSTANCES, variables=variables)
+
+ return response['data']['listRuleInstances']
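Review bot: Both new methods in the last client.py hunk return only the first page: `variables` hard-codes `"limit": 100` and never sets `cursor`, although LIST_RULE_INSTANCES (added in constants.py) selects `pageInfo { hasNextPage endCursor }`. An account with more than 100 rule instances therefore gets a silently truncated list, which matters to anyone auditing alert coverage from this output. `list_alert_rules` is also a line-for-line copy of `list_configured_alert_rules`, docstring included; keeping one implementation and aliasing the other name avoids drift. The sketch below follows `endCursor` until `hasNextPage` is false, and note that it returns the collected `questionInstances` list rather than the raw `listRuleInstances` object. The enclosing class starts outside the hunk.

```python
    def list_alert_rules(self, limit: int = 100):
        """List every alert rule instance configured in the J1 account."""
        results = []
        cursor = None

        while True:
            variables = {"limit": limit}
            if cursor:
                variables["cursor"] = cursor

            response = self._execute_query(LIST_RULE_INSTANCES, variables=variables)
            page = response['data']['listRuleInstances']
            results.extend(page['questionInstances'])

            if not page['pageInfo']['hasNextPage']:
                break
            cursor = page['pageInfo']['endCursor']

        return results

    # Kept as an alias so both names share one implementation.
    list_configured_alert_rules = list_alert_rules
```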
diff --git a/jupiterone/constants.py b/jupiterone/constants.py
index 6874f1d..0e9aa31 100644
--- a/jupiterone/constants.py
+++ b/jupiterone/constants.py
@@ -300,4 +300,72 @@
 __typename
 }
 }
-"""
\ No newline at end of file
+"""
+
+LIST_RULE_INSTANCES = """
+ query listRuleInstances(
+ $limit: Int,
+ $cursor: String,
+ $filters: ListRuleInstancesFilters) {
+ listRuleInstances(
+ limit: $limit,
+ cursor: $cursor,
+ filters: $filters) {
+ questionInstances {
+ ...RuleInstanceFields
+ __typename
+ }
+ pageInfo {
+ hasNextPage
+ endCursor
+ __typename
+ }
+ __typename
+ }
+ }
+
+ fragment RuleInstanceFields on QuestionRuleInstance {
+ id
+ accountId
+ name
+ description
+ version
+ lastEvaluationStartOn
+ lastEvaluationEndOn
+ evaluationStep
+ specVersion
+ notifyOnFailure
+ triggerActionsOnNewEntitiesOnly
+ pollingInterval
+ templates
+ outputs
+ question {
+ queries {
+ query
+ name
+ version
+ includeDeleted
+ __typename
+ }
+ __typename
+ }
+ questionId
+ latest
+ deleted
+ type
+ operations {
+ when
+ actions
+ __typename
+ }
+ latestAlertId
+ latestAlertIsActive
+ state {
+ actions
+ __typename
+ }
+ tags
+ remediationSteps
+ __typename
+ }
+"""