correlation.create

Description

object correlation.create(object/array correlations)

This method allows to create new correlations.

This method is only available to Super admin user type. Permissions to call the method can be revoked in user role settings. See User roles for more information.

Parameters

(object/array) Correlations to create.

Additionally to the standard correlation properties, the method accepts the following parameters.

Parameter	Type	Description
operations (required)	array	Correlation operations to create for the correlation.
filter (required)	object	Correlation filter object for the correlation.

Valori restituiti

(object) Restituisce un oggetto contenente gli ID delle azioni create sotto la proprietà actionids. L'ordine degli ID restituiti corrisponde all'ordine delle azioni passate.

Esempi

Create a new event tag correlation

Create a correlation using evaluation method AND/OR with one condition and one operation. By default the correlation will be enabled.

Request:

{
           "jsonrpc": "2.0",
           "method": "correlation.create",
           "params": {
               "name": "new event tag correlation",
               "filter": {
                   "evaltype": 0,
                   "conditions": [
                       {
                           "type": 1,
                           "tag": "ok"
                       }
                   ]
               },
               "operations": [
                   {
                       "type": 0
                   }
               ]
           },
           "auth": "343baad4f88b4106b9b5961e77437688",
           "id": 1
       }

Response:

{
           "jsonrpc": "2.0",
           "result": {
               "correlationids": [
                   "1"
               ]
           },
           "id": 1
       }

Using a custom expression filter

Create a correlation that will use a custom filter condition. The formula IDs "A" or "B" have been chosen arbitrarily. Condition type will be "Host group" with operator "<>".