Aetuner¶
Client¶
-
class
Aetuner.
Client
¶ A client object representing ‘Aetuner’ Service:
import almdrlib client = almdrlib.client('aetuner')
Available methods:
-
get_analytic
(**kwargs)¶ Returns an analytic for a specific customer
Request Syntax
response = client.get_analytic( account_id='string' audit_events_limit='integer' enable_new='False|True' explain='False|True' handling_key='string' include_audit_events='False|True' include_stacktrace='False|True' key='string' path='string' severity_key='string' sql_field_values={} tuning_tagset_key='string' tuning_tagset_path='string' tuning_tagset_value='string' visibility_key='string' )
- Parameters
account_id (string) –
[REQUIRED]
AIMS Account ID
audit_events_limit (integer) – Limit the number of audit events to this number
enable_new (boolean) –
explain (boolean) – Explain how tunings are calculated or updates
handling_key (string) – Handling tagset tuning key. Used for getting tuning tagset value instead of default.
include_audit_events (boolean) – When set to true returns audit events for the tuning tagsets in the analytic
include_stacktrace (boolean) –
key (string) – Tuning tagset key, defaults to the analytic name
path (string) –
[REQUIRED]
Analytic Name
severity_key (string) – Severity tagset tuning key. Used for getting tuning tagset value instead of default.
sql_field_values (dict) – A map of values for SQL fields, example {“bf_protocol”:”windows”}
tuning_tagset_key (string) –
tuning_tagset_path (string) –
tuning_tagset_value (string) –
visibility_key (string) – Visiblity tagset tuning key. Used for getting tuning tagset value instead of default.
- Return type
dict
- Returns
Response Syntax
{ 'data_type': 'logmsgs'|'observation'|'telemetry', 'display_name': 'string', 'inherited': 'False|True', 'name': 'string', 'observation': { 'generate': 'string', 'keys': {}, 'parents': 'string', 'scope': 'string', 'scope_type': 'string', 'severity': 'string', 'visibility': 'string' }, 'path': 'string', 'severity': 'string', 'sql': 'string', 'visibility': 'string' }
Response Definitions
data_type (string) –
Data Type used to generate analytic outcome.
Valid values:
logmsgs
,observation
,telemetry
display_name (string) –
inherited (boolean) –
name (string) –
observation (dict) –
Observation Information
generate (string) –
keys (dict) –
parents (string) –
scope (string) –
scope_type (string) –
severity (string) –
Tagset name for severity tags
visibility (string) –
Tagset name for visibility tags
path (string) –
severity (string) –
sql (string) –
visibility (string) –
-
get_healthcheck
(**kwargs)¶ Check health status of the service.
Request Syntax
response = client.get_healthcheck( )
- Returns
None
-
get_incident_handling
(**kwargs)¶ Return incident type handling setting
Request Syntax
response = client.get_incident_handling( account_id='string' path='string' )
- Parameters
account_id (string) –
[REQUIRED]
AIMS Account ID
path (string) –
[REQUIRED]
Incident Type Fully Qualified Name
- Return type
dict
- Returns
Response Syntax
{ 'path': 'string', 'settings': [ 'auto_soc_close'|'auto_escalate'|'auto_customer_close' ] }
Response Definitions
path (string) –
Handling preferences path.
settings (list) –
List of applicable handling settings
(string) –
auto_soc_close
- is only relevant to incident being shown to SOC or not, no other behaviour or values are affected.If True, will bypass the SOC and become available in the Customer Console.
auto_escalate
- is only relevant to whether the customer receives an email notification or not, no other behaviour or values are affected.If an incident is escalated, and becomes soc-closed, a notification will be generated with the escalations flag set to True.
auto_customer_close
- is only relevant to whether the customer sees the incident as “Closed” in the Customer Console or not, no other behaviour or values are affected.If True, the incident will only show in the Customer Console under the ‘Closed’ filter.
Valid values:
auto_soc_close
,auto_escalate
,auto_customer_close
-
get_incident_tunables
(**kwargs)¶ Returns a list of all the tags that can be tuned and sample alcli commands to tune them.
Request Syntax
response = client.get_incident_tunables( account_id='string' incident_id='string' )
- Parameters
account_id (string) – [REQUIRED]
incident_id (string) – [REQUIRED]
- Return type
dict
- Returns
Response Syntax
{ 'tunings': [ { 'keys': [ { 'name': 'string', 'type': 'string' } ], 'name': 'string', 'tuning_command': 'string', 'type': 'string', 'value': {} } ] }
Response Definitions
tunings (list) –
(dict) –
keys (list) –
(dict) –
name (string) –
type (string) –
name (string) –
tagset name
tuning_command (string) –
alcli sample command
type (string) –
value (dict) –
-
get_incident_type
(**kwargs)¶ Return incident type for a specific customer by it’s name
Request Syntax
response = client.get_incident_type( account_id='string' path='string' )
- Parameters
account_id (string) –
[REQUIRED]
AIMS Account ID
path (string) –
[REQUIRED]
Incident Type Fully Qualified Name
- Return type
dict
- Returns
Response Syntax
{ 'analytics': [ 'string' ], 'incident_handling': 'auto_soc_close'|'auto_escalate'|'auto_customer_close', 'path': 'string', 'severity': 'info'|'low'|'medium'|'high'|'critical', 'visibility': 'observation'|'incident'|'test' }
Response Definitions
analytics (list) –
List of Analytics that can generate this incident type
(string) –
incident_handling (string) –
auto_soc_close
- is only relevant to incident being shown to SOC or not, no other behaviour or values are affected.If True, will bypass the SOC and become available in the Customer Console.
auto_escalate
- is only relevant to whether the customer receives an email notification or not, no other behaviour or values are affected.If an incident is escalated, and becomes soc-closed, a notification will be generated with the escalations flag set to True.
auto_customer_close
- is only relevant to whether the customer sees the incident as “Closed” in the Customer Console or not, no other behaviour or values are affected.If True, the incident will only show in the Customer Console under the ‘Closed’ filter.
Valid values:
auto_soc_close
,auto_escalate
,auto_customer_close
path (string) –
Fully qualifed name of an incident type
severity (string) –
Severity of an incident
Valid values:
info
,low
,medium
,high
,critical
visibility (string) –
Visibility of an incident
Valid values:
observation
,incident
,test
Returns an analytic for a specific customer
Request Syntax
response = client.get_tagset( account_id='string' audit_events_limit='integer' explain='False|True' include_audit_events='False|True' key='string' path='string' )
- Parameters
account_id (string) –
[REQUIRED]
AIMS Account ID
audit_events_limit (integer) – Limit of audit events to include
explain (boolean) – Explain how tunings are calculated or updates
include_audit_events (boolean) – Include audit events
key (string) – Key in the tagset
path (string) – Name of a tagset
- Return type
dict
- Returns
Response Syntax
{ 'data_type': 'logmsgs'|'observation'|'telemetry', 'display_name': 'string', 'inherited': 'False|True', 'name': 'string', 'observation': { 'generate': 'string', 'keys': {}, 'parents': 'string', 'scope': 'string', 'scope_type': 'string', 'severity': 'string', 'visibility': 'string' }, 'path': 'string', 'severity': 'string', 'sql': 'string', 'visibility': 'string' }
Response Definitions
data_type (string) –
Data Type used to generate analytic outcome.
Valid values:
logmsgs
,observation
,telemetry
display_name (string) –
inherited (boolean) –
name (string) –
observation (dict) –
Observation Information
generate (string) –
keys (dict) –
parents (string) –
scope (string) –
scope_type (string) –
severity (string) –
Tagset name for severity tags
visibility (string) –
Tagset name for visibility tags
path (string) –
severity (string) –
sql (string) –
visibility (string) –
-
get_version
(**kwargs)¶ Get the AEtuner version
Request Syntax
response = client.get_version( )
- Returns
None
-
list_analytics
(**kwargs)¶ List analytics for an account
Request Syntax
response = client.list_analytics( account_id='string' datatype='logsmsgs'|'observations'|'telemetry' output='all'|'correlations'|'analytics' )
- Parameters
account_id (string) –
[REQUIRED]
AIMS Account ID
datatype (string) –
Data type used for analytics generation. If this parameter omitted, analytics for all data types are returned.
Valid values:
logsmsgs
,observations
,telemetry
output (string) –
What to include in the response
Valid values:
all
,correlations
,analytics
Default:
all
- Return type
dict
- Returns
Response Syntax
{ 'logmsgs': [ 'string' ], 'observations': [ 'string' ], 'telemetry': [ 'string' ] }
Response Definitions
logmsgs (list) –
List of log-based analytics
(string) –
observations (list) –
(string) –
telemetry (list) –
(string) –
-
list_incident_handlings
(**kwargs)¶ Returns a list of all incident handling settings for a given customer
Request Syntax
response = client.list_incident_handlings( account_id='string' )
- Parameters
account_id (string) –
[REQUIRED]
AIMS Account ID
- Return type
list
- Returns
Response Syntax
[ { 'path': 'string', 'settings': [ 'auto_soc_close'|'auto_escalate'|'auto_customer_close' ] } ]
Response Definitions
(dict) –
Incident Type Handling information.
path (string) –
Handling preferences path.
settings (list) –
List of applicable handling settings
(string) –
auto_soc_close
- is only relevant to incident being shown to SOC or not, no other behaviour or values are affected.If True, will bypass the SOC and become available in the Customer Console.
auto_escalate
- is only relevant to whether the customer receives an email notification or not, no other behaviour or values are affected.If an incident is escalated, and becomes soc-closed, a notification will be generated with the escalations flag set to True.
auto_customer_close
- is only relevant to whether the customer sees the incident as “Closed” in the Customer Console or not, no other behaviour or values are affected.If True, the incident will only show in the Customer Console under the ‘Closed’ filter.
Valid values:
auto_soc_close
,auto_escalate
,auto_customer_close
-
list_incident_types
(**kwargs)¶ List all incident types for a specific customer
Request Syntax
response = client.list_incident_types( account_id='string' )
- Parameters
account_id (string) – [REQUIRED]
- Return type
list
- Returns
Response Syntax
[ 'string' ]
Response Definitions
(string) –
-
reset_all_analytics_handling
(**kwargs)¶ Reset all Analytics handling
Request Syntax
response = client.reset_all_analytics_handling( account_id='string' dry_run='False|True' reason='string' )
- Parameters
account_id (string) –
[REQUIRED]
AIMS Account ID
dry_run (boolean) – DRY RUN only
reason (string) –
[REQUIRED]
Reason for the performing the reset. This information is used for auditing purposes.
- Return type
dict
- Returns
Response Syntax
{ 'handling_update': 'dict|list' }
Response Definitions
handling_update (dict) –
-
reset_all_analytics_severity
(**kwargs)¶ Reset all Analytics severity
Request Syntax
response = client.reset_all_analytics_severity( account_id='string' dry_run='False|True' reason='string' )
- Parameters
account_id (string) –
[REQUIRED]
AIMS Account ID
dry_run (boolean) – DRY RUN only
reason (string) –
[REQUIRED]
Reason for the performing the reset. This information is used for auditing purposes.
- Return type
dict
- Returns
Response Syntax
{ 'severity_update': 'dict|list' }
Response Definitions
severity_update (dict) –
-
reset_all_analytics_visibility
(**kwargs)¶ Reset all Analytics visibility
Request Syntax
response = client.reset_all_analytics_visibility( account_id='string' dry_run='False|True' reason='string' )
- Parameters
account_id (string) –
[REQUIRED]
AIMS Account ID
dry_run (boolean) – DRY RUN only
reason (string) –
[REQUIRED]
Reason for the performing the reset. This information is used for auditing purposes.
- Return type
dict
- Returns
Response Syntax
{ 'handling_update': 'dict|list' }
Response Definitions
handling_update (dict) –
-
reset_analytic
(**kwargs)¶ Reset an analytic
Request Syntax
response = client.reset_analytic( account_id='string' path='string' reason='string' severity='False|True' tuning=[ 'string' ] visibility='False|True' )
- Parameters
account_id (string) –
[REQUIRED]
AIMS Account ID
path (string) –
[REQUIRED]
Analytic Fully Qualified Name
reason (string) –
[REQUIRED]
Reason for the performing the reset. This information is used for auditing purposes.
severity (boolean) –
tuning (list) –
List of tuning keys to reset
(string) –
visibility (boolean) –
- Returns
None
-
reset_incident_handling
(**kwargs)¶ Reset Incident Handling setting
Request Syntax
response = client.reset_incident_handling( account_id='string' path='string' reason='string' )
- Parameters
account_id (string) –
[REQUIRED]
AIMS Account ID
path (string) –
[REQUIRED]
Incident Type Fully Qualified Name
reason (string) –
[REQUIRED]
Reason for a change
- Returns
None
-
reset_incident_type
(**kwargs)¶ Reset Incident Type properties
Request Syntax
response = client.reset_incident_type( account_id='string' exclude='severity'|'visibility' path='string' reason='string' )
- Parameters
account_id (string) –
[REQUIRED]
AIMS Account ID
exclude (string) – Valid values:
severity
,visibility
path (string) –
[REQUIRED]
Incident Type Fully Qualified Name
reason (string) –
[REQUIRED]
Reason for a change.
- Returns
None
-
tuning_report
(**kwargs)¶ Returns a shell command that can be run to produce the desired report.
Example:
bash -c “$(alcli aetuner tuning_report –command get_tuning_for_tagset –path IncidentVisibilityMap)”
Request Syntax
response = client.tuning_report( cid='string' command='get_tuning_for_tagset'|'get_tuning_for_analytic'|'get_tuning_for_account_id' exclude='string' observation_path='string' path='string' return_values='False|True' )
- Parameters
cid (string) –
[REQUIRED]
Customer Account ID
command (string) –
[REQUIRED]
Command to run
Valid values:
get_tuning_for_tagset
,get_tuning_for_analytic
,get_tuning_for_account_id
exclude (string) –
[REQUIRED]
Comma separated list of paths to exclude for get_tuning_for_analytic command
observation_path (string) –
[REQUIRED]
Path or Name of the observation generated by the analytic, defaults to the name of the Analytic
path (string) –
[REQUIRED]
Path or Name of an analytic or tagset
return_values (boolean) –
[REQUIRED]
If true return the values of the tagsets, otherwise just return the keys
- Returns
None
-
update_analytic
(**kwargs)¶ Update an analytic
Request Syntax
response = client.update_analytic( account_id='string' audit_events_limit='integer' disable_validation='False|True' dry_run='False|True' enable_new='False|True' explain='False|True' handling=[ 'auto_soc_close'|'auto_escalate'|'auto_customer_close' ] handling_key='string' include_audit_events='False|True' include_stacktrace='False|True' key='string' path='string' reason='string' severity='info'|'low'|'medium'|'high'|'critical' severity_key='string' sql_field_values={} tuning={ 'threshold': 'integer' } tuning_list={ 'key': 'string', 'name': 'string', 'operation': 'add'|'subtract', 'values': [ 'string' ] } tuning_tagset_key='string' tuning_tagset_path='string' tuning_tagset_value='string' visibility='observation'|'incident'|'test' visibility_key='string' xtuning=[ { 'key': 'string', 'operation': 'add'|'subtract'|'write'|'delete', 'path': 'string', 'type': 'severity'|'visibility'|'threshold'|'handling'|'whitelist'|'blacklist', 'value': 'list|integer|string' } ] )
- Parameters
account_id (string) –
[REQUIRED]
AIMS Account ID
audit_events_limit (integer) – Limit the number of audit events to this number
disable_validation (boolean) –
Disable the check that tuning referes to a tagset referenced by the analytic. Use if there is a tuning tagset that is not detected to be refernced by an analytic
Default:
False
dry_run (boolean) – DRY RUN only
enable_new (boolean) –
explain (boolean) – Explain how tunings are calculated or updates
handling (list) –
(string) –
auto_soc_close
- is only relevant to incident being shown to SOC or not, no other behaviour or values are affected.If True, will bypass the SOC and become available in the Customer Console.
auto_escalate
- is only relevant to whether the customer receives an email notification or not, no other behaviour or values are affected.If an incident is escalated, and becomes soc-closed, a notification will be generated with the escalations flag set to True.
auto_customer_close
- is only relevant to whether the customer sees the incident as “Closed” in the Customer Console or not, no other behaviour or values are affected.If True, the incident will only show in the Customer Console under the ‘Closed’ filter.
Valid values:
auto_soc_close
,auto_escalate
,auto_customer_close
handling_key (string) – Handling tagset tuning key. Used for setting tuning tagset value instead of default incident type. If observation tuning specifies custom
key
value - this parameter is needed ifhandling
is updated.include_audit_events (boolean) – When set to true returns audit events for the tuning tagsets in the analytic
include_stacktrace (boolean) –
key (string) – Tuning tagset key, defaults to the analytic name
path (string) –
[REQUIRED]
Analytic Name
reason (string) –
[REQUIRED]
Reason for the performing the update. This information is used for auditing purposes.
severity (string) –
Severity of an incident
Valid values:
info
,low
,medium
,high
,critical
severity_key (string) – Severity tagset tuning key. Used for setting tuning tagset value instead of default incident type. If observation tuning specifies custom
key
value - this parameter is needed ifseverity
is updated.sql_field_values (dict) – A map of values for SQL fields, example {“bf_protocol”:”windows”}
tuning (dict) –
Tuning Parameters. The list of tuning parameters depends on the analytic being tuned. Tunable options can be seen in
tuning_properties
property of theanalytic
object returned by get_analytic for the analytic.threshold (integer) –
Example of property name
tuning_list (dict) –
Object to update a tuning with a list of values
key (string) –
Key in the tuning tagset
name (string) –
Name of the tuning tagset
operation (string) –
Name of the Operation
Valid values:
add
,subtract
values (list) –
Values to add or remove
(string) –
tuning_tagset_key (string) –
tuning_tagset_path (string) –
tuning_tagset_value (string) –
visibility (string) –
Visibility of an incident
Valid values:
observation
,incident
,test
visibility_key (string) – Visibility tagset tuning key. Used for setting tuning tagset value instead of default incident type. If observation tuning specifies custom
key
value - this parameter is needed ifvisibility
is updated.xtuning (list) –
A list of tunings for the analytic.
For visiblity, severity, threshold and handling when the default tagsets are not used it is possible to expliclity provide a tagset path and key in the tagset for tuning. For blacklist and whitelist tuning a tagset path and key must be provided. Examples explain how to use it.
NOTE: Spaces are not allowed between the items of a list.
- Examples:
Severity
{“type”:”severity”,”value”:”low”}
{“type”:”severity”,”path”:”CustomSeverityMap”,”key”:”windows”,”value”:”low”} Visibity to incident
{“type”:”visiblity”,”value”:”incident”}
{“type”:”visiblity”,”path”:”CustomVisibilityMap”,”key”:”windows”,”value”:”incident”} Threshold
threshold:100 Handling
{“type”:”handling”,”operation”:”add”,”value”:”auto_soc_close”}
{“type”:”handling”,”operation”:”subtract”,”value”:”auto_escalate”}
{“type”:”handling”,”operation”:”add”,”path”:”CustomHandlingMap”,”key”:”windows”,”value”:”auto_soc_close”} Whitelist
{“type”:”whitelist”,”operation”:”add”,”path”:”tuning/SomeWhitelist”,”key”:”windows”,”value”:[“1.0.0.0”]}
{“type”:”whitelist”,”operation”:”subtract”,”path”:”tuning/SomeWhitelist”,”key”:”windows”,”value”:[“1.0.0.0”,”2.0.0.0”]} Blacklist
{“type”:”blacklist”,”operation”:add”,”path”:”tuning/SomeBlacklist”,”key”:”windows”,”value”:[“1.0.0.0”]}
{“type”:”blacklist”,”operation”:subtract,”path”:”tuning/SomeBlacklist”,”key”:”windows”,”value”:[“1.0.0.0”,”2.0.0.0”]}
To specify more than one tuning provide them in list like
’[{“type”:”severity”,”value”:”incident”},{“type”:”visibility”,”value”:”high”},{“type”:”threshold”,”value”:”100”}]’
(dict) –
Tuning specification
key (string) –
Explicit tuning tagset key
operation (string) –
Operation to perform
Valid values:
add
,subtract
,write
,delete
path (string) –
Explicit tuning tagset path
type (string) –
Type of the tuning
Valid values:
severity
,visibility
,threshold
,handling
,whitelist
,blacklist
value (dict) –
Value string or a list of string
- Returns
None
-
update_incident_handling
(**kwargs)¶ Set Incident Type handling setting
Request Syntax
response = client.update_incident_handling( account_id='string' path='string' reason='string' setting=[ 'auto_soc_close'|'auto_escalate'|'auto_customer_close' ] )
- Parameters
account_id (string) –
[REQUIRED]
AIMS Account ID
path (string) –
[REQUIRED]
Incident Type Fully Qualified Name
reason (string) –
[REQUIRED]
Reason for a change
setting (list) –
[REQUIRED]
(string) –
auto_soc_close
- is only relevant to incident being shown to SOC or not, no other behaviour or values are affected.If True, will bypass the SOC and become available in the Customer Console.
auto_escalate
- is only relevant to whether the customer receives an email notification or not, no other behaviour or values are affected.If an incident is escalated, and becomes soc-closed, a notification will be generated with the escalations flag set to True.
auto_customer_close
- is only relevant to whether the customer sees the incident as “Closed” in the Customer Console or not, no other behaviour or values are affected.If True, the incident will only show in the Customer Console under the ‘Closed’ filter.
Valid values:
auto_soc_close
,auto_escalate
,auto_customer_close
- Return type
dict
- Returns
Response Syntax
{ 'stored': 'string' }
Response Definitions
stored (uuid) –
UUID of the stored record
-
update_incident_type
(**kwargs)¶ Update Incident Type properties
Request Syntax
response = client.update_incident_type( account_id='string' path='string' reason='string' severity='info'|'low'|'medium'|'high'|'critical' visibility='observation'|'incident'|'test' )
- Parameters
account_id (string) –
[REQUIRED]
AIMS Account ID
path (string) –
[REQUIRED]
Incident Type Fully Qualified Name
reason (string) –
[REQUIRED]
Reason for a change
severity (string) –
Severity of an incident
Valid values:
info
,low
,medium
,high
,critical
visibility (string) –
Visibility of an incident
Valid values:
observation
,incident
,test
- Returns
None
Update a tagset
Request Syntax
response = client.update_tagset( account_id='string' audit_events_limit='integer' dry_run='False|True' explain='False|True' include_audit_events='False|True' key='string' path='string' reason='string' xtuning=[ { 'key': 'string', 'operation': 'add'|'subtract'|'write'|'delete', 'path': 'string', 'type': 'severity'|'visibility'|'threshold'|'handling'|'whitelist'|'blacklist', 'value': 'list|integer|string' } ] )
- Parameters
account_id (string) –
[REQUIRED]
AIMS Account ID
audit_events_limit (integer) – Limit of audit events to include
dry_run (boolean) – DRY RUN only
explain (boolean) – Explain how tunings are calculated or updates
include_audit_events (boolean) – Include audit events
key (string) – Key in the tagset
path (string) – Name of a tagset
reason (string) –
[REQUIRED]
Reason for the performing the update. This information is used for auditing purposes.
xtuning (list) –
A list of tunings for the analytic.
For visiblity, severity, threshold and handling when the default tagsets are not used it is possible to expliclity provide a tagset path and key in the tagset for tuning. For blacklist and whitelist tuning a tagset path and key must be provided. Examples explain how to use it.
NOTE: Spaces are not allowed between the items of a list.
- Examples:
Severity
{“type”:”severity”,”value”:”low”}
{“type”:”severity”,”path”:”CustomSeverityMap”,”key”:”windows”,”value”:”low”} Visibity to incident
{“type”:”visiblity”,”value”:”incident”}
{“type”:”visiblity”,”path”:”CustomVisibilityMap”,”key”:”windows”,”value”:”incident”} Threshold
threshold:100 Handling
{“type”:”handling”,”operation”:”add”,”value”:”auto_soc_close”}
{“type”:”handling”,”operation”:”subtract”,”value”:”auto_soc_close”}
{“type”:”handling”,”operation”:”add”,”path”:”CustomHandlingMap”,”key”:”windows”,”value”:”auto_soc_close”} Whitelist
{“type”:”whitelist”,”operation”:”add”,”path”:”tuning/SomeWhitelist”,”key”:”windows”,”value”:[“1.0.0.0”]}
{“type”:”whitelist”,”operation”:”subtract”,”path”:”tuning/SomeWhitelist”,”key”:”windows”,”value”:[“1.0.0.0”,”2.0.0.0”]} Blacklist
{“type”:”blacklist”,”operation”:add”,”path”:”tuning/SomeBlacklist”,”key”:”windows”,”value”:[“1.0.0.0”]}
{“type”:”blacklist”,”operation”:subtract,”path”:”tuning/SomeBlacklist”,”key”:”windows”,”value”:[“1.0.0.0”,”2.0.0.0”]}
To specify more than one tuning provide them in list like
’[{“type”:”severity”,”value”:”incident”},{“type”:”visibility”,”value”:”high”},{“type”:”threshold”,”value”:”100”}]’
(dict) –
Tuning specification
key (string) –
Explicit tuning tagset key
operation (string) –
Operation to perform
Valid values:
add
,subtract
,write
,delete
path (string) –
Explicit tuning tagset path
type (string) –
Type of the tuning
Valid values:
severity
,visibility
,threshold
,handling
,whitelist
,blacklist
value (dict) –
Value string or a list of string
- Returns
None