Alert Rules Commands

alert-rules

View and manage alert rules.

Usage:

alert-rules [OPTIONS] COMMAND [ARGS]...

Options:

  --log-stderr      Enable logging to stderr.
  --log-file TEXT   Specify file path to write log output to.
  --log-level TEXT  Set level for Incydr client logging.
  --help            Show this message and exit.

alert-rules disable

Disable a single rule or a set of rules.

Usage:

alert-rules disable [OPTIONS] RULE_IDS

Options:

  --log-stderr      Enable logging to stderr.
  --log-file TEXT   Specify file path to write log output to.
  --log-level TEXT  Set level for Incydr client logging.
  --help            Show this message and exit.

alert-rules enable

Enable a single rule or a set of rules.

Where RULE_IDS is a comma-delimited list of rule IDs to enable.

Usage:

alert-rules enable [OPTIONS] RULE_IDS

Options:

  --log-stderr      Enable logging to stderr.
  --log-file TEXT   Specify file path to write log output to.
  --log-level TEXT  Set level for Incydr client logging.
  --help            Show this message and exit.

alert-rules list

List all rules.

Usage:

alert-rules list [OPTIONS]

Options:

  -f, --format TABLEFORMAT  Format to print result. One of 'table',
                            'json-pretty', 'json-lines', or 'csv'. If
                            environment has INCYDR_USE_RICH=false set,
                            defaults to 'json-lines', else defaults to
                            'table'.
  --columns TEXT            Comma-delimited string of column names. Nested
                            values should be specified in dot-notation. Limits
                            output to contain only the specified columns in
                            CSV or Table format.  Ignored for JSON output
                            formats.
  --log-stderr              Enable logging to stderr.
  --log-file TEXT           Specify file path to write log output to.
  --log-level TEXT          Set level for Incydr client logging.
  --help                    Show this message and exit.

alert-rules list-users

Lists the usernames on the rule's username filter.

Note that users could be either included in or excluded from the rule, depending on the rule's configuration.

Usage:

alert-rules list-users [OPTIONS] RULE_ID

Options:

  -f, --format SINGLEFORMAT  Format to print result. One of 'rich',
                             'json-pretty', or 'json-lines'. If
                             environment has INCYDR_USE_RICH=false set,
                             defaults to 'json-lines', else defaults to
                             'rich'.
  --log-stderr               Enable logging to stderr.
  --log-file TEXT            Specify file path to write log output to.
  --log-level TEXT           Set level for Incydr client logging.
  --help                     Show this message and exit.

alert-rules remove-all-users

Remove ALL users from a rule's username filter.

Note that the removed users could become either included in or excluded from the rule, depending on the rule's configuration.

Usage:

alert-rules remove-all-users [OPTIONS] RULE_ID

Options:

  --log-stderr      Enable logging to stderr.
  --log-file TEXT   Specify file path to write log output to.
  --log-level TEXT  Set level for Incydr client logging.
  --help            Show this message and exit.

alert-rules show

Show details for a single rule.

If using the 'rich' format, also retrieves the username filter for the rule (if it exists).

Usage:

alert-rules show [OPTIONS] RULE_ID

Options:

  -f, --format SINGLEFORMAT  Format to print result. One of 'rich',
                             'json-pretty', or 'json-lines'. If
                             environment has INCYDR_USE_RICH=false set,
                             defaults to 'json-lines', else defaults to
                             'rich'.
  --log-stderr               Enable logging to stderr.
  --log-file TEXT            Specify file path to write log output to.
  --log-level TEXT           Set level for Incydr client logging.
  --help                     Show this message and exit.