Uptycs Alert Triggers API Call

This Python script triggers Uptycs API calls from Uptycs alerts.


Example: an alert is configured to fire when an asset's location is outside the USA (a possible GDPR issue). This script can then be run to automatically make an API call that disables the asset, so it stops collecting data.


api_call_from_alert.py


Usage: ./api_call_from_alert.py <uptycs_apikey_file> [--domainsuffix <uptycs_domain>]


The --domainsuffix flag is only required for Uptycs domains other than '.uptycs.io'.


This script reads alerts from Uptycs and then makes Uptycs API calls. Each type of Uptycs alert to be processed must have a corresponding config file in the "./alert_config/" directory. Each config file holds the Uptycs alert code and the details of the API call to make.

Each time the script is run it pulls alerts for the codes specified in the ./alert_config/*.json files with a timestamp greater than the last run time and less than the current run time. The first time it is run it goes back a maximum of 1 day.

We recommend running this script every 30 minutes and specifying a maximum interval of 15 minutes for SQL alerts.
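The run-window bookkeeping and alert-to-config dispatch described above, as an added example; this is not the api_call_from_alert.py script itself or any Uptycs code. The config file keys ("alert_code", "api_call"), the alert record fields ("code", "asset_id", "alert_time"), the state-file format and the sample data are all assumptions made for the example, and the Uptycs alert query and API call are replaced by caller-supplied functions so it runs offline.

```python
"""Added example: run-window bookkeeping and config-driven dispatch for
alert-triggered API calls. Not the Uptycs script; file layouts are assumed."""
import json
import tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path

MAX_FIRST_RUN_LOOKBACK = timedelta(days=1)   # first run: go back at most one day


def compute_window(last_run, now):
    """Return (start, end) of alert timestamps to process on this run.

    First run (no recorded last run time): look back at most one day.
    Later runs: everything since the recorded last run time.
    The window is half-open, [start, end): an alert stamped exactly on a
    boundary is processed by exactly one run. The strict "greater than /
    less than" wording would leave such an alert unprocessed by both runs.
    """
    start = now - MAX_FIRST_RUN_LOOKBACK if last_run is None else last_run
    return start, now


def load_alert_configs(config_dir):
    """Map alert code -> API call spec from <config_dir>/*.json.

    Assumed (hypothetical) file layout: {"alert_code": "...", "api_call": {...}}.
    A code defined in two files is rejected rather than silently overwritten.
    """
    configs = {}
    for path in sorted(Path(config_dir).glob("*.json")):
        cfg = json.loads(path.read_text())
        code = cfg["alert_code"]
        if code in configs:
            raise ValueError(f"alert code {code!r} defined twice ({path.name})")
        configs[code] = cfg["api_call"]
    return configs


def select_alerts(alerts, configs, start, end):
    """Keep alerts that have a config and whose timestamp lies in [start, end)."""
    chosen = []
    for alert in alerts:
        ts = datetime.fromisoformat(alert["alert_time"])
        if alert["code"] in configs and start <= ts < end:
            chosen.append(alert)
    return chosen


def build_api_call(spec, alert):
    """Fill "{field}" placeholders in the configured path/body from the alert."""
    return {
        "method": spec["method"],
        "path": spec["path"].format(**alert),
        "body": {k: (v.format(**alert) if isinstance(v, str) else v)
                 for k, v in spec.get("body", {}).items()},
    }


def run_once(config_dir, state_file, fetch_alerts, invoke, now=None):
    """One scheduled run: compute the window, pull alerts, make the configured
    calls, then record this run's end time as the next run's start.

    fetch_alerts(start, end) and invoke(call) are caller-supplied stand-ins
    for the Uptycs alert query and the Uptycs API call.
    """
    now = now or datetime.now(timezone.utc)
    state_path = Path(state_file)
    last_run = None
    if state_path.exists():
        last_run = datetime.fromisoformat(state_path.read_text().strip())

    start, end = compute_window(last_run, now)
    configs = load_alert_configs(config_dir)
    calls = [build_api_call(configs[a["code"]], a)
             for a in select_alerts(fetch_alerts(start, end), configs, start, end)]
    for call in calls:
        invoke(call)

    # Persist only after the calls were made: a crash mid-run means the window
    # is retried next time rather than skipped (so calls must be idempotent).
    state_path.write_text(end.isoformat())
    return calls


# --- Constructed sample data (not real Uptycs output) -------------------------
NOW = datetime(2024, 1, 2, 12, 0, tzinfo=timezone.utc)
SAMPLE_ALERTS = [
    {"code": "ASSET_OUTSIDE_USA", "asset_id": "a1", "alert_time": "2024-01-02T11:30:00+00:00"},
    {"code": "ASSET_OUTSIDE_USA", "asset_id": "a2", "alert_time": "2023-12-31T11:30:00+00:00"},  # older than 1 day
    {"code": "SOMETHING_ELSE",    "asset_id": "a3", "alert_time": "2024-01-02T11:45:00+00:00"},  # no config file
    {"code": "ASSET_OUTSIDE_USA", "asset_id": "a4", "alert_time": "2024-01-02T12:00:00+00:00"},  # == now: next run
]


def write_sample_config(config_dir):
    """Write one hypothetical config: disable the asset named in the alert."""
    Path(config_dir).mkdir(parents=True, exist_ok=True)
    (Path(config_dir) / "asset_outside_usa.json").write_text(json.dumps({
        "alert_code": "ASSET_OUTSIDE_USA",
        "api_call": {"method": "PUT", "path": "/assets/{asset_id}",
                     "body": {"status": "disabled"}},
    }))


def demo(workdir=None):
    """Two runs 30 minutes apart over the constructed data; returns both call lists."""
    workdir = Path(workdir or tempfile.mkdtemp())
    write_sample_config(workdir / "alert_config")

    def fetch(start, end):            # stand-in for the Uptycs alerts query
        return SAMPLE_ALERTS

    first = run_once(workdir / "alert_config", workdir / "last_run", fetch, print, now=NOW)
    second = run_once(workdir / "alert_config", workdir / "last_run", fetch, print,
                      now=NOW + timedelta(minutes=30))
    return first, second


if __name__ == "__main__":
    demo()
```

On the first run only the alert for asset a1 is dispatched: a2 is older than the one-day lookback, a3 has no config file, and a4 is stamped exactly at the run time and so falls to the next run, which then dispatches it alone. Because the last-run time is only written after the calls succeed, a failed run is replayed rather than lost; the configured API calls (here, disabling an asset) should therefore be safe to repeat.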
