Get Stream Rule Command Templates
Retrieves a list of all stream rule command templates.
Tip
Stream rule command templates exist to support GUI-style editing of stream rules.
Required Permissions
Requires the MEMBER role or higher.
HTTP Request
GET /api/sonar/stream-rule-command-templates
cURL Example
curl -H "Authorization: Bearer <API_KEY>" \
     https://HOSTNAME/api/sonar/stream-rule-command-templates
Success Response
Below is a portion of the full list of real-time detection command templates.
{
  "templates": [
    {
      "id": 2,
      "name": "Match IP",
      "field_type": "IP",
      "description": null,
      "config_specs": [
        {
          "name": "ip",
          "type": "string",
          "subtype": "ip",
          "display_name": "IP address",
          "description": "Enter the IP to compare with."
        }
      ],
      "query": "search $field$ == ip($ip$)",
      "query2": "search $field$ != ip($ip$)"
    },
    {
      "id": 3,
      "name": "Match subnet",
      "field_type": "IP",
      "description": null,
      "config_specs": [
        {
          "name": "subnet",
          "type": "string",
          "subtype": "subnet",
          "display_name": "Subnet",
          "description": "Select a subnet to compare."
        }
      ],
      "query": "matchnet field=$field$ guid=$subnet$ verify=f",
      "query2": "matchnet invert=t field=$field$ guid=$subnet$ verify=f"
    }
  ]
}
- templates (Array): List of all stream rule command templates
  - id (32-bit integer): Template ID
  - name (String): Template name
  - field_type (String): Applicable field type. One of the following: DATE, IP, PORT, STRING, SHORT, INT, LONG, MD5, URL.
  - description (String): Template description
  - config_specs (Array): Template variable specification
    - name (String): Variable name
    - type (String): Variable type. One of the following: string, number, array.
    - subtype (String): UI rendering hint, such as ip, date, country, port_group. It supports component selection with autocomplete and validation.
    - display_name (String): Display name in locale language
    - description (String): Description in locale language
  - query (String): Query string to be applied in the AND condition
  - query2 (String): Query string to be applied in the NOT condition
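The following added example, which is not part of the original documentation or the product's own code, fills a template's query and query2 from user input while validating each value against its config_specs entry, so that input cannot change the structure of the resulting query. It assumes that $name$ placeholders are substituted textually and that field names are plain identifiers; FIELD_NAME, SAFE_TOKEN, validate and render are hypothetical names.

```python
import ipaddress
import re

# Constructed sample: the "Match IP" entry from the response above.
TEMPLATE = {
    "id": 2, "name": "Match IP", "field_type": "IP",
    "config_specs": [{"name": "ip", "type": "string", "subtype": "ip"}],
    "query": "search $field$ == ip($ip$)",
    "query2": "search $field$ != ip($ip$)",
}

# Assumptions of this example, not documented product behaviour:
FIELD_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")  # field names are identifiers
SAFE_TOKEN = re.compile(r"[A-Za-z0-9_.:-]+")        # allowlist for any value
PLACEHOLDER = re.compile(r"\$([A-Za-z_][A-Za-z0-9_]*)\$")


def validate(spec, value):
    """Return canonical text for one template variable or raise ValueError."""
    name = spec["name"]
    if spec["type"] != "string" or not isinstance(value, str):
        raise ValueError(f"{name}: this example handles string variables only")
    # Allowlist first: blocks spaces, pipes, quotes, parentheses and '$',
    # and the '%scope' suffix that ipaddress would otherwise accept.
    if not SAFE_TOKEN.fullmatch(value):
        raise ValueError(f"{name}: unexpected characters")
    if spec.get("subtype") == "ip":
        return str(ipaddress.ip_address(value))  # ValueError if not an IP
    return value


def render(template, field, values, negate=False):
    """Fill query (AND condition) or query2 (NOT condition)."""
    if not FIELD_NAME.fullmatch(field):
        raise ValueError("field: not a plain identifier")
    filled = {"field": field}
    for spec in template["config_specs"]:
        if spec["name"] not in values:
            raise ValueError(f"missing variable: {spec['name']}")
        filled[spec["name"]] = validate(spec, values[spec["name"]])
    text = template["query2" if negate else "query"]

    def substitute(match):
        if match.group(1) not in filled:
            raise ValueError(f"undeclared placeholder: {match.group(1)}")
        return filled[match.group(1)]

    return PLACEHOLDER.sub(substitute, text)  # single pass, no re-expansion
```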