Get Stream Rule Command Templates

Retrieves a list of all stream rule command templates.

Tip
Stream rule command templates exist to support GUI-style editing of stream rules.

HTTP Request

GET /api/sonar/stream-rule-command-templates

Request using cURL

curl -H "Authorization: Bearer <API_KEY>" \
     https://HOSTNAME/api/sonar/stream-rule-command-templates

Success Response

Below is a portion of the full list of real-time detection command templates.

{
  "templates": [
    {
      "id": 2,
      "name": "Match IP",
      "field_type": "IP",
      "description": null,
      "config_specs": [
        {
          "name": "ip",
          "type": "string",
          "subtype": "ip",
          "display_name": "IP address",
          "description": "Enter the IP to compare with."
        }
      ],
      "query": "search $field$ == ip($ip$)",
      "query2": "search $field$ != ip($ip$)"
    },
    {
      "id": 3,
      "name": "Match subnet",
      "field_type": "IP",
      "description": null,
      "config_specs": [
        {
          "name": "subnet",
          "type": "string",
          "subtype": "subnet",
          "display_name": "Subnet",
          "description": "Select a subnet to compare."
        }
      ],
      "query": "matchnet field=$field$ guid=$subnet$ verify=f",
      "query2": "matchnet invert=t field=$field$ guid=$subnet$ verify=f"
    }
  ]
}
  • templates (Array): List of all stream rule command templates
    • id (32-bit integer): Template ID
    • name (String): Template name
    • field_type (String): Applicable field type. One of the following: DATE, IP, PORT, STRING, SHORT, INT, LONG, MD5, URL.
    • description (String): Template description
    • config_specs (Array): Template variable specification
      • name (String): Variable name
      • type (String): Variable type. One of the following: string, number, array.
      • subtype (String): UI rendering hint, such as ip, date, country, port_group. It supports component selection with autocomplete and validation.
      • display_name (String): Display name in the locale language
      • description (String): Description in the locale language
    • query (String): Query string to be applied in the AND condition
    • query2 (String): Query string to be applied in the NOT condition
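
The following is an added example, not code from the product or its documentation. It shows one way a client could fill a template's query or query2 from user input, validating each variable by its subtype before substitution so that a value cannot change the structure of the resulting query. The $name$ substitution semantics, the field-name pattern, and the GUID format for the subnet subtype are assumptions.

```python
import ipaddress
import re
import uuid

# Constructed sample: one entry shaped like the "templates" array above.
TEMPLATE = {
    "id": 2,
    "name": "Match IP",
    "field_type": "IP",
    "config_specs": [{"name": "ip", "type": "string", "subtype": "ip"}],
    "query": "search $field$ == ip($ip$)",
    "query2": "search $field$ != ip($ip$)",
}

# Assumption: field names are plain identifiers; anything else is rejected.
FIELD_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")
PLACEHOLDER_RE = re.compile(r"\$([A-Za-z_][A-Za-z0-9_]*)\$")

# Validators keyed by subtype; each returns the canonical text to substitute.
VALIDATORS = {
    "ip": lambda v: str(ipaddress.ip_address(v)),
    "subnet": lambda v: str(uuid.UUID(v)),  # assumption: subnet is chosen by GUID
}


def render(template, field, values, negate=False):
    """Fill query (AND) or query2 (NOT) with validated values only."""
    if not FIELD_RE.fullmatch(field):
        raise ValueError(f"invalid field name: {field!r}")
    safe = {"field": field}
    for spec in template["config_specs"]:
        name, subtype = spec["name"], spec.get("subtype")
        if name not in values:
            raise ValueError(f"missing variable: {name}")
        if subtype not in VALIDATORS:
            raise ValueError(f"no validator for subtype: {subtype}")
        safe[name] = VALIDATORS[subtype](values[name])  # ValueError on bad input

    def substitute(match):
        key = match.group(1)
        if key not in safe:
            raise ValueError(f"undeclared placeholder: {key}")
        return safe[key]

    # Single pass, so substituted text is never rescanned for placeholders.
    return PLACEHOLDER_RE.sub(substitute, template["query2" if negate else "query"])
```

Subtypes without a registered validator are rejected rather than passed through, so extending the table is a deliberate step for each new subtype the API returns.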