notification:rule : Notification rule object.¶
Notification rule specifies the server to which this rule is applicable, certain conditions (i.e. triggers), and the action to be taken when the rule is hit. It also specifies where this rule engine is configured to be run.
Object Reference¶
References to notification:rule are object references.
The name part of a notification rule reference has the following components:
The name of the notification rule
Example: notification:rule/ZG5zLm5ldHdvcmtfdmlldyQxMTk:rule1
Restrictions¶
The object does not support the following operations:
Scheduling
CSV export
The object cannot be managed on Cloud Platform members.
Fields¶
These fields are actual members of the object; thus, they can be requested by using _return_fields, if the fields are readable.
The basic version of the object contains the field(s): event_type, name, notification_action, notification_target.
The following fields are required to create this object:
Field |
Notes |
|---|---|
event_type |
|
expression_list |
|
name |
|
notification_action |
|
notification_target |
all_members¶
- all_members¶
Determines whether the notification rule is applied on all members or not. When this is set to False, the notification rule is applied only on selected_members.
Type
Bool.
Create
The default value is True.
Search
The field is not available for search.
comment¶
- comment¶
The notification rule descriptive comment.
Type
String.
Create
The default value is empty.
Search
The field is available for search via
‘~=’ (regular expression)
‘=’ (exact equality)
‘:=’ (case insensitive search)
disable¶
- disable¶
Determines whether a notification rule is disabled or not. When this is set to False, the notification rule is enabled.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
enable_event_deduplication¶
- enable_event_deduplication¶
Determines whether the notification rule for event deduplication is enabled. Note that to enable event deduplication, you must set at least one deduplication field.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
enable_event_deduplication_log¶
- enable_event_deduplication_log¶
Determines whether the notification rule for the event deduplication syslog is enabled.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
event_deduplication_fields¶
- event_deduplication_fields¶
The list of fields that must be used in the notification rule for event deduplication.
Type
Enum values array.
- Valid values are:
DISCOVERER
DUID
DXL_TOPIC
IP_ADDRESS
MAC_ADDRESS
NETWORK
NETWORK_VIEW
OPERATION_TYPE
QUERY_FQDN
QUERY_NAME
QUERY_TYPE
RPZ_POLICY
RPZ_TYPE
RULE_ACTION
RULE_CATEGORY
RULE_SEVERITY
RULE_SID
SOURCE_IP
SOURCE_PORT
Create
The default value is empty.
Search
The field is not available for search.
event_deduplication_lookback_period¶
- event_deduplication_lookback_period¶
The lookback period for the notification rule for event deduplication.
Type
Unsigned integer.
Create
The default value is 600.
Search
The field is not available for search.
event_priority¶
- event_priority¶
Event priority.
Type
String.
Create
The default value is NORMAL.
Search
The field is available for search via
‘~=’ (regular expression)
‘=’ (exact equality)
‘:=’ (case insensitive search)
event_type¶
- event_type¶
The notification rule event type.
Type
String.
- Valid values are:
ANALYTICS_DNS_TUNNEL
DB_CHANGE_DHCP_FIXED_ADDRESS_IPV4
DB_CHANGE_DHCP_FIXED_ADDRESS_IPV6
DB_CHANGE_DHCP_NETWORK_IPV4
DB_CHANGE_DHCP_NETWORK_IPV6
DB_CHANGE_DHCP_RANGE_IPV4
DB_CHANGE_DHCP_RANGE_IPV6
DB_CHANGE_DNS_DISCOVERY_DATA
DB_CHANGE_DNS_HOST_ADDRESS_IPV4
DB_CHANGE_DNS_HOST_ADDRESS_IPV6
DB_CHANGE_DNS_RECORD
DB_CHANGE_DNS_ZONE
DHCP_LEASES
DNS_RPZ
DXL_EVENT_SUBSCRIBER
IPAM
SCHEDULE
SECURITY_ADP
Create
The field is required on creation.
Search
The field is available for search via
‘=’ (exact equality)
Notes
The event_type is part of the base object.
expression_list¶
- expression_list¶
The notification rule expression list.
Type
A/An Notification rule expression operand struct array.
Create
The field is required on creation.
Search
The field is not available for search.
name¶
- name¶
The notification rule name.
Type
String.
Values with leading or trailing white space are not valid for this field.
Create
The field is required on creation.
Search
The field is available for search via
‘~=’ (regular expression)
‘=’ (exact equality)
‘:=’ (case insensitive search)
Notes
The name is part of the base object.
The name cannot be updated.
notification_action¶
- notification_action¶
The notification rule action is applied if expression list evaluates to True.
Type
String.
- Valid values are:
CISCOISE_PUBLISH
CISCOISE_QUARANTINE
RESTAPI_TEMPLATE_INSTANCE
Create
The field is required on creation.
Search
The field is available for search via
‘=’ (exact equality)
Notes
The notification_action is part of the base object.
notification_target¶
- notification_target¶
The notification target.
Type
String.
This field supports nested return fields as described here.
Create
The field is required on creation.
Search
The field is available for search via
‘=’ (exact equality)
Notes
The notification_target is part of the base object.
publish_settings¶
- publish_settings¶
The publish settings.
Type
A/An Cisco ISE publish settings struct struct.
Create
The default value is empty.
Search
The field is not available for search.
Notes
publish_settings is associated with the field use_publish_settings (see use flag).
scheduled_event¶
- scheduled_event¶
Schedule setting that must be specified if event_type is SCHEDULE.
Type
A/An Schedule Setting struct.
Create
The default value is empty.
Search
The field is not available for search.
selected_members¶
- selected_members¶
The list of the members on which the notification rule is applied.
Type
String array.
Create
The default value is empty.
Search
The field is not available for search.
template_instance¶
- template_instance¶
The notification REST template instance.
Type
A/An Notification REST template instance struct.
Create
The default value is empty.
Search
The field is not available for search.
use_publish_settings¶
- use_publish_settings¶
Use flag for: publish_settings
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
Function Calls¶
trigger_outbound¶
Test notification rules by user created event.
This function does not support multiple object matches when called as part of an atomic insertion operation.
Input fields
event_text ( String. ). This parameter is mandatory. The event to trigger notification rule in a JSON text string.
Output fields
None
Fields List¶
Field |
Type |
Req |
R/O |
Base |
Search |
|---|---|---|---|---|---|
all_members |
Bool |
N |
N |
N |
N/A |
comment |
String |
N |
N |
N |
: = ~ |
disable |
Bool |
N |
N |
N |
N/A |
enable_event_deduplication |
Bool |
N |
N |
N |
N/A |
enable_event_deduplication_log |
Bool |
N |
N |
N |
N/A |
event_deduplication_fields |
[Enum] |
N |
N |
N |
N/A |
event_deduplication_lookback_period |
Unsigned int |
N |
N |
N |
N/A |
event_priority |
String |
N |
N |
N |
: = ~ |
event_type |
String |
Y |
N |
Y |
= |
expression_list |
[struct] |
Y |
N |
N |
N/A |
name |
String |
Y |
N |
Y |
: = ~ |
notification_action |
String |
Y |
N |
Y |
= |
notification_target |
String |
Y |
N |
Y |
= |
publish_settings |
struct |
N |
N |
N |
N/A |
scheduled_event |
struct |
N |
N |
N |
N/A |
selected_members |
[String] |
N |
N |
N |
N/A |
template_instance |
struct |
N |
N |
N |
N/A |
use_publish_settings |
Bool |
N |
N |
N |
N/A |
