Alerts
These are the API end points for retrieving alerts and profiles meta data.
End Points
Get Alerts
Alert Bulk Request
Alert Bulk Fetch
List Alert Profiles
Get Alert Profile
Enable Alert Profiles
Disable Alert Profiles
Get Alerts
This API retrieves a list of alerts based on severity, time range, or profile IDs. Users can create a fetch request with relevant metadata, and the server processes the request, returning the results directly. The Get Alerts API supports fetching up to 500,000 logs.
OAuth Scope : logs360cloud.alerts.READ
Role : Administrator, Operator
Arguments
query
string
Search query formed using the MetaData APIs.
start_time
string
Start time range for Search in ISO 8601 date-time format. The value must be greater than or equal to 1970-01-01T00:00:00Z. Timezone offsets are supported.
end_time
string
End time range for Search in ISO 8601 date-time format. The value must be greater than or equal to 1970-01-01T00:00:00Z. Timezone offsets are supported.
from
integer
The starting index of the response range.
limit
integer
The number of alerts to return in the search response. Users can specify a value up to a maximum of 1,000.
severity
string
Filters alerts based on severity levels. Allowed values - critical, trouble, attention.
profile_ids
array
List of profile IDs to filter the alerts. It can be retrieved using the List Alert Profile API.
response_type
string
Determines whether the response value should be based on the client or server value. Accepted values are `client` and `server`. Default value is 'server'.
Headers
account_id
string
(Required)
Account ID
parameters_data='{"field1":"value1","field2":"value2"}';
headers_data = Map();
headers_data.put("account_id", "18XXXXX4");
headers_data.put("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f");
response = invokeUrl
[
url: "https://log360cloud.manageengine.com/api/v2/alerts"
type: POST
headers: headers_data
content-type: application/json
parameters: parameters_data
connection: <connection_name>
];
info response;
OkHttpClient client = new OkHttpClient();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\"field1\":\"value1\",\"field2\":\"value2\"}");
Request request = new Request.Builder()
.url("https://log360cloud.manageengine.com/api/v2/alerts")
.post(body)
.addHeader("account_id", "18XXXXX4")
.addHeader("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f")
.addHeader("content-type", "application/json")
.build();
Response response = client.newCall(request).execute();
const options = {
method: 'POST',
headers: {
account_id: '18XXXXX4',
Authorization: 'Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f',
'content-type': 'application/json'
},
body: '{"field1":"value1","field2":"value2"}'
};
fetch('https://log360cloud.manageengine.com/api/v2/alerts', options)
.then(response => response.json())
.then(response => console.log(response))
.catch(err => console.error(err));
import http.client
conn = http.client.HTTPSConnection("log360cloud.manageengine.com")
payload = "{\"field1\":\"value1\",\"field2\":\"value2\"}"
headers = {
'account_id': "18XXXXX4",
'Authorization': "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f",
'content-type': "application/json"
}
conn.request("POST", "/api/v2/alerts", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
const http = require("https");
const options = {
"method": "POST",
"hostname": "log360cloud.manageengine.com",
"port": null,
"path": "/api/v2/alerts",
"headers": {
"account_id": "18XXXXX4",
"Authorization": "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f",
"content-type": "application/json"
}
};
const req = http.request(options, function (res) {
const chunks = [];
res.on("data", function (chunk) {
chunks.push(chunk);
});
res.on("end", function () {
const body = Buffer.concat(chunks);
console.log(body.toString());
});
});
req.write(JSON.stringify({field1: 'value1', field2: 'value2'}));
req.end();
curl --request POST \
--url https://log360cloud.manageengine.com/api/v2/alerts \
--header 'Authorization: Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f' \
--header 'account_id: 18XXXXX4' \
--header 'content-type: application/json' \
--data '{"field1":"value1","field2":"value2"}'
{
"query": " ( ( severity = \"success\" AND type = \"Security\" ) )",
"start_time": "2025-03-27T14:30:00Z",
"end_time": "2025-03-28T14:30:00Z",
"from": 1,
"limit": 1000,
"severity": "critical,trouble,attention",
"profile_ids": [
100000000000003
],
"response_type": "client"
}
{
"data": [
{
"Display Name": {
"3000000443173": "Dev-Agent"
},
"Category": "dos attack entered defensive mode",
"Message": "microsoft-windows-eventlog : DoS Attack Entered Defensive Mode. Subject: Security ID: S-1-5-21-2477490969-972611893-3386141825-500 Account Name: administrator Domain Name: ELANEW2017 Logon ID: 0x8D71B\t9077",
"User Name": "n/a",
"Severity": "information",
"Time": "2025-03-01 22:57:00",
"Event ID": "5148",
"Source": "microsoft-windows-eventlog",
"Alert Severity": "TROUBLE",
"Log Source Type": "windows",
"Type": "security",
"Profile Name": "External Remote RDP Logon from Public IP",
"Log Source": "dev-agent"
},
"..."
],
"meta": {
"start_index": 1,
"total_count": 96,
"limit": 10
}
}
{
"code": "00000101",
"title": "Unauthorized",
"detail": "Invalid OAuth Token"
}
{
"error": {
"code": "10001007",
"title": "Bad Request",
"detail": "Something went wrong."
}
}
Alert Bulk Request
This API enables searches over a larger data range. Users can create a fetch request with relevant metadata, which the server processes by paginating the data into pages of 5,000 records each. The response includes a request ID and total page count, allowing users to retrieve specific pages using the request ID.
OAuth Scope : logs360cloud.alerts.READ
Role : Administrator, Operator
Arguments
query
string
Search query formed using the MetaData APIs.
start_time
string
Start time range for Search in ISO 8601 date-time format. The value must be greater than or equal to 1970-01-01T00:00:00Z. Timezone offsets are supported.
end_time
string
End time range for Search in ISO 8601 date-time format. The value must be greater than or equal to 1970-01-01T00:00:00Z. Timezone offsets are supported.
severity
string
Filters alerts based on severity levels. Allowed values - critical, trouble, attention.
profile_ids
array
List of profile IDs to filter the alerts. It can be retrieved using the List Alert Profile API.
Headers
account_id
string
(Required)
Account ID
parameters_data='{"field1":"value1","field2":"value2"}';
headers_data = Map();
headers_data.put("account_id", "18XXXXX4");
headers_data.put("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f");
response = invokeUrl
[
url: "https://log360cloud.manageengine.com/api/v2/alerts/bulk"
type: POST
headers: headers_data
content-type: application/json
parameters: parameters_data
connection: <connection_name>
];
info response;
OkHttpClient client = new OkHttpClient();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\"field1\":\"value1\",\"field2\":\"value2\"}");
Request request = new Request.Builder()
.url("https://log360cloud.manageengine.com/api/v2/alerts/bulk")
.post(body)
.addHeader("account_id", "18XXXXX4")
.addHeader("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f")
.addHeader("content-type", "application/json")
.build();
Response response = client.newCall(request).execute();
const options = {
method: 'POST',
headers: {
account_id: '18XXXXX4',
Authorization: 'Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f',
'content-type': 'application/json'
},
body: '{"field1":"value1","field2":"value2"}'
};
fetch('https://log360cloud.manageengine.com/api/v2/alerts/bulk', options)
.then(response => response.json())
.then(response => console.log(response))
.catch(err => console.error(err));
import http.client
conn = http.client.HTTPSConnection("log360cloud.manageengine.com")
payload = "{\"field1\":\"value1\",\"field2\":\"value2\"}"
headers = {
'account_id': "18XXXXX4",
'Authorization': "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f",
'content-type': "application/json"
}
conn.request("POST", "/api/v2/alerts/bulk", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
const http = require("https");
const options = {
"method": "POST",
"hostname": "log360cloud.manageengine.com",
"port": null,
"path": "/api/v2/alerts/bulk",
"headers": {
"account_id": "18XXXXX4",
"Authorization": "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f",
"content-type": "application/json"
}
};
const req = http.request(options, function (res) {
const chunks = [];
res.on("data", function (chunk) {
chunks.push(chunk);
});
res.on("end", function () {
const body = Buffer.concat(chunks);
console.log(body.toString());
});
});
req.write(JSON.stringify({field1: 'value1', field2: 'value2'}));
req.end();
curl --request POST \
--url https://log360cloud.manageengine.com/api/v2/alerts/bulk \
--header 'Authorization: Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f' \
--header 'account_id: 18XXXXX4' \
--header 'content-type: application/json' \
--data '{"field1":"value1","field2":"value2"}'
{
"query": " ( ( severity = \"success\" AND type = \"Security\" ) )",
"start_time": "2025-03-27T14:30:00Z",
"end_time": "2025-03-28T14:30:00Z",
"severity": "critical,trouble,attention",
"profile_ids": [
100000000000003
]
}
{
"data": {
"request_id": "1678000017823297"
},
"meta": {
"per_page": 10,
"total_pages": 12,
"total_items": 115
}
}
{
"code": "00000101",
"title": "Unauthorized",
"detail": "Invalid OAuth Token"
}
{
"error": {
"code": "10001007",
"title": "Bad Request",
"detail": "Something went wrong."
}
}
Alert Bulk Fetch
This API is used to fetch the response of a specific page.
OAuth Scope : logs360cloud.alerts.READ
Role : Administrator, Operator
Query Parameters
request_id
string
(Required)
Request ID to Fetch Search Results
page_no
integer
(Required)
Page Number
response_type
string
Determines whether the response value should be based on the client or server value. Accepted values are `client` and `server`. Default value is 'server'.
headers_data = Map();
headers_data.put("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f");
response = invokeUrl
[
url: "https://log360cloud.manageengine.com/api/v2/alerts/bulk?request_id=1678000017823297&page_no=1"
type: GET
headers: headers_data
connection: <connection_name>
];
info response;
OkHttpClient client = new OkHttpClient();
Request request = new Request.Builder()
.url("https://log360cloud.manageengine.com/api/v2/alerts/bulk?request_id=1678000017823297&page_no=1")
.get()
.addHeader("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f")
.build();
Response response = client.newCall(request).execute();
const options = {
method: 'GET',
headers: {
Authorization: 'Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f'
}
};
fetch('https://log360cloud.manageengine.com/api/v2/alerts/bulk?request_id=1678000017823297&page_no=1', options)
.then(response => response.json())
.then(response => console.log(response))
.catch(err => console.error(err));
import http.client
conn = http.client.HTTPSConnection("log360cloud.manageengine.com")
headers = { 'Authorization': "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f" }
conn.request("GET", "/api/v2/alerts/bulk?request_id=1678000017823297&page_no=1", headers=headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
const http = require("https");
const options = {
"method": "GET",
"hostname": "log360cloud.manageengine.com",
"port": null,
"path": "/api/v2/alerts/bulk?request_id=1678000017823297&page_no=1",
"headers": {
"Authorization": "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f"
}
};
const req = http.request(options, function (res) {
const chunks = [];
res.on("data", function (chunk) {
chunks.push(chunk);
});
res.on("end", function () {
const body = Buffer.concat(chunks);
console.log(body.toString());
});
});
req.end();
curl --request GET \
--url 'https://log360cloud.manageengine.com/api/v2/alerts/bulk?request_id=1678000017823297&page_no=1' \
--header 'Authorization: Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f'
{
"data": [
{
"DisplayName": {
"3000000443173": "Dev-Agent"
},
"Category": "downgrade attacks",
"Message": "lsasrv : Downgrade Attacks...",
"UserName": "n/a",
"Severity": "information",
"Time": "2025-03-01 22:57:00",
"EventID": "40960",
"Source": "lsasrv",
"AlertSeverity": "TROUBLE",
"LogSourceType": "windows",
"Type": "security",
"ProfileName": "External Remote RDP Logon from Public IP",
"LogSource": "dev-agent"
}
],
"meta": {
"start_index": 1,
"total_count": 800,
"limit": 5000
}
}
{
"code": "00000101",
"title": "Unauthorized",
"detail": "Invalid OAuth Token"
}
{
"error": {
"code": "10001007",
"title": "Bad Request",
"detail": "Something went wrong."
}
}
List Alert Profiles
This API retrieves a list of alert profiles.
OAuth Scope : logs360cloud.alerts.READ
Role : Administrator, Operator
Query Parameters
severity
string
Filters alerts based on severity levels. Allowed values - critical, trouble, attention.
status
string
Filters alerts based on their status. Allowed values - enabled, disabled.
profile_type
string
Filters alerts based on profile type. Allowed values - pre_defined, custom, compliance, correlation, sigma.
from
integer
The starting index of the response range.
limit
integer
The number of alert profiles to return in the search response. Users can specify a value up to a maximum of 1,000.
Headers
account_id
string
(Required)
Account ID
headers_data = Map();
headers_data.put("account_id", "18XXXXX4");
headers_data.put("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f");
response = invokeUrl
[
url: "https://log360cloud.manageengine.com/api/v2/alerts/profile"
type: GET
headers: headers_data
connection: <connection_name>
];
info response;
OkHttpClient client = new OkHttpClient();
Request request = new Request.Builder()
.url("https://log360cloud.manageengine.com/api/v2/alerts/profile")
.get()
.addHeader("account_id", "18XXXXX4")
.addHeader("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f")
.build();
Response response = client.newCall(request).execute();
const options = {
method: 'GET',
headers: {
account_id: '18XXXXX4',
Authorization: 'Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f'
}
};
fetch('https://log360cloud.manageengine.com/api/v2/alerts/profile', options)
.then(response => response.json())
.then(response => console.log(response))
.catch(err => console.error(err));
import http.client
conn = http.client.HTTPSConnection("log360cloud.manageengine.com")
headers = {
'account_id': "18XXXXX4",
'Authorization': "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f"
}
conn.request("GET", "/api/v2/alerts/profile", headers=headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
const http = require("https");
const options = {
"method": "GET",
"hostname": "log360cloud.manageengine.com",
"port": null,
"path": "/api/v2/alerts/profile",
"headers": {
"account_id": "18XXXXX4",
"Authorization": "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f"
}
};
const req = http.request(options, function (res) {
const chunks = [];
res.on("data", function (chunk) {
chunks.push(chunk);
});
res.on("end", function () {
const body = Buffer.concat(chunks);
console.log(body.toString());
});
});
req.end();
curl --request GET \
--url https://log360cloud.manageengine.com/api/v2/alerts/profile \
--header 'Authorization: Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f' \
--header 'account_id: 18XXXXX4'
{
"data": [
{
"severity": "Critical",
"notification_type": [],
"profile_name": "custom alert 1",
"profile_type": "Custom Alert Profile",
"profile_id": 3000000435591
}
]
}
{
"code": "00000101",
"title": "Unauthorized",
"detail": "Invalid OAuth Token"
}
{
"error": {
"code": "10001007",
"title": "Bad Request",
"detail": "Something went wrong."
}
}
Get Alert Profile
Retrieves the full configuration of the specified alert profile by its profile ID, including severity, criteria, log source selections, and notification details.
Use this endpoint to review the configuration of a specific alert profile, such as during alert tuning or incident investigation.
Rate limit: 50 requests per minute per account.
OAuth Scope : logs360cloud.alerts.READ
Role : Administrator, Operator
Path Parameters
profile_id
integer
(Required)
Unique ID of the alert profile. It can be taken from the List Alert Profiles API.
Headers
account_id
string
(Required)
Account ID
headers_data = Map();
headers_data.put("account_id", "18XXXXX4");
headers_data.put("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f");
response = invokeUrl
[
url: "https://log360cloud.manageengine.com/api/v2/alerts/profile/3000000435591"
type: GET
headers: headers_data
connection: <connection_name>
];
info response;
OkHttpClient client = new OkHttpClient();
Request request = new Request.Builder()
.url("https://log360cloud.manageengine.com/api/v2/alerts/profile/3000000435591")
.get()
.addHeader("account_id", "18XXXXX4")
.addHeader("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f")
.build();
Response response = client.newCall(request).execute();
const options = {
method: 'GET',
headers: {
account_id: '18XXXXX4',
Authorization: 'Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f'
}
};
fetch('https://log360cloud.manageengine.com/api/v2/alerts/profile/3000000435591', options)
.then(response => response.json())
.then(response => console.log(response))
.catch(err => console.error(err));
import http.client
conn = http.client.HTTPSConnection("log360cloud.manageengine.com")
headers = {
'account_id': "18XXXXX4",
'Authorization': "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f"
}
conn.request("GET", "/api/v2/alerts/profile/3000000435591", headers=headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
const http = require("https");
const options = {
"method": "GET",
"hostname": "log360cloud.manageengine.com",
"port": null,
"path": "/api/v2/alerts/profile/3000000435591",
"headers": {
"account_id": "18XXXXX4",
"Authorization": "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f"
}
};
const req = http.request(options, function (res) {
const chunks = [];
res.on("data", function (chunk) {
chunks.push(chunk);
});
res.on("end", function () {
const body = Buffer.concat(chunks);
console.log(body.toString());
});
});
req.end();
curl --request GET \
--url https://log360cloud.manageengine.com/api/v2/alerts/profile/3000000435591 \
--header 'Authorization: Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f' \
--header 'account_id: 18XXXXX4'
{
"data": {
"profile_id": 3000000435591,
"profile_id_str": "3000000435591",
"profile_name": "Brute Force Attack Detection",
"severity": "Critical",
"severity_value": "CRITICAL",
"profile_type": "Custom Alert Profile",
"status": "enabled",
"creator_type": "User",
"created_by": "admin@example.com",
"threshold_event_occurrence": 5,
"threshold_time_interval": 6,
"alert_message_format": "Multiple failed logon attempts from %SOURCE_IP%",
"criteria": {
"rows": [
{
"FIELD": "EVENTID",
"VALUE": "4625",
"CONDI": "EQ",
"TYPE": "String",
"LOGIC": "AND"
}
],
"pattern": "(1)"
},
"filter_criteria": {
"rows": [
{
"FIELD": "SOURCE_IP",
"VALUE": "10.0.0.0/24",
"CONDI": "CIDR",
"TYPE": "String",
"LOGIC": "AND"
}
],
"pattern": "(1)"
},
"log_source_ids": [],
"log_source_group_ids": [
3000000012292
],
"mail_id": "security-team@example.com",
"mail_subject": "Alert: %PROFILE_NAME% triggered",
"mail_content": "Alert triggered at %TIME%. Details: %MESSAGE%"
}
}
{
"data": {
"profile_id": 3000000435600,
"profile_id_str": "3000000435600",
"profile_name": "AWS Recently Attached Auto Scaling",
"severity": "Attention",
"severity_value": "ATTENTION",
"profile_type": "Predefined Alert Profile",
"status": "enabled",
"creator_type": "Log360",
"created_by": "system",
"threshold_event_occurrence": 1,
"threshold_time_interval": 5,
"alert_message_format": "%MESSAGE%",
"criteria": {
"report_unique_keys": [
"AWS_Recently_Attached_Auto_Scaling_Instances"
]
},
"log_source_ids": [],
"log_source_group_ids": [],
"mail_id": "admin@example.com",
"mail_subject": "Alert: %PROFILE_NAME%",
"mail_content": "%MESSAGE%"
}
}
{
"data": {
"profile_id": 3000000435610,
"profile_id_str": "3000000435610",
"profile_name": "Suspicious Process Execution",
"severity": "Critical",
"severity_value": "CRITICAL",
"profile_type": "Rule Alert Profile",
"status": "enabled",
"creator_type": "User",
"created_by": "admin@example.com",
"threshold_event_occurrence": 3,
"threshold_time_interval": 5,
"alert_message_format": "Detection rule triggered — %MESSAGE%",
"criteria": {
"rule_id": 1000000012345
},
"log_source_ids": [],
"log_source_group_ids": [
3000000012292
],
"mail_id": "soc@example.com",
"mail_subject": "Alert: %PROFILE_NAME%",
"mail_content": "Rule alert at %TIME%. %MESSAGE%"
}
}
{
"data": {
"profile_id": 3000000435620,
"profile_id_str": "3000000435620",
"profile_name": "PCI DSS Password Policy Violation",
"severity": "Trouble",
"severity_value": "TROUBLE",
"profile_type": "Compliance Alert Profile",
"status": "enabled",
"creator_type": "User",
"created_by": "admin@example.com",
"threshold_event_occurrence": 1,
"threshold_time_interval": 10,
"alert_message_format": "Compliance violation — %MESSAGE%",
"criteria": {
"compliance_name": "PCI DSS",
"policy_id": 3000000500001,
"report_unique_keys": [
"PCI_Password_Policy_Changes"
]
},
"log_source_ids": [
30000000251315
],
"log_source_group_ids": [],
"mail_id": "compliance@example.com",
"mail_subject": "Compliance Alert: %PROFILE_NAME%",
"mail_content": "Compliance alert at %TIME%. %MESSAGE%"
}
}
{
"error": {
"code": "10001007",
"title": "Bad Request",
"detail": "Invalid profile_id format."
}
}
{
"error": {
"code": "00000101",
"title": "Unauthorized",
"detail": "Invalid OAuth Token"
}
}
{
"error": {
"code": "10001003",
"title": "Forbidden",
"detail": "Insufficient permissions to view alert profiles."
}
}
{
"error": {
"code": "10001005",
"title": "Not Found",
"detail": "Alert profile not found for the given profile_id."
}
}
{
"error": {
"code": "10001029",
"title": "Too Many Requests",
"detail": "Rate limit exceeded. Retry after some time."
}
}
{
"error": {
"code": "10001018",
"title": "Internal Server Error",
"detail": "An unexpected error occurred. Please try again later."
}
}
Enable Alert Profiles
Enables one or more alert profiles using the specified profile IDs.
Use this endpoint to enable alert profiles, such as when resuming monitoring after a maintenance window or activating newly created profiles.
Rate limit: 20 requests per minute per account.
OAuth Scope : logs360cloud.alerts.UPDATE
Role : Administrator, Operator
Arguments
profile_ids
array
(Required)
List of alert profile IDs to enable (min 1, max 100). From List Alert Profiles API.
Headers
account_id
string
(Required)
Account ID
parameters_data='{"profile_ids":[3000000435591,3000000435592]}';
headers_data = Map();
headers_data.put("account_id", "18XXXXX4");
headers_data.put("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f");
response = invokeUrl
[
url: "https://log360cloud.manageengine.com/api/v2/alerts/profile/enable"
type: PATCH
headers: headers_data
content-type: application/json
parameters: parameters_data
connection: <connection_name>
];
info response;
OkHttpClient client = new OkHttpClient();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\"profile_ids\":[3000000435591,3000000435592]}");
Request request = new Request.Builder()
.url("https://log360cloud.manageengine.com/api/v2/alerts/profile/enable")
.patch(body)
.addHeader("account_id", "18XXXXX4")
.addHeader("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f")
.addHeader("content-type", "application/json")
.build();
Response response = client.newCall(request).execute();
const options = {
method: 'PATCH',
headers: {
account_id: '18XXXXX4',
Authorization: 'Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f',
'content-type': 'application/json'
},
body: '{"profile_ids":[3000000435591,3000000435592]}'
};
fetch('https://log360cloud.manageengine.com/api/v2/alerts/profile/enable', options)
.then(response => response.json())
.then(response => console.log(response))
.catch(err => console.error(err));
import http.client
conn = http.client.HTTPSConnection("log360cloud.manageengine.com")
payload = "{\"profile_ids\":[3000000435591,3000000435592]}"
headers = {
'account_id': "18XXXXX4",
'Authorization': "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f",
'content-type': "application/json"
}
conn.request("PATCH", "/api/v2/alerts/profile/enable", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
const http = require("https");
const options = {
"method": "PATCH",
"hostname": "log360cloud.manageengine.com",
"port": null,
"path": "/api/v2/alerts/profile/enable",
"headers": {
"account_id": "18XXXXX4",
"Authorization": "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f",
"content-type": "application/json"
}
};
const req = http.request(options, function (res) {
const chunks = [];
res.on("data", function (chunk) {
chunks.push(chunk);
});
res.on("end", function () {
const body = Buffer.concat(chunks);
console.log(body.toString());
});
});
req.write(JSON.stringify({profile_ids: [3000000435591, 3000000435592]}));
req.end();
curl --request PATCH \
--url https://log360cloud.manageengine.com/api/v2/alerts/profile/enable \
--header 'Authorization: Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f' \
--header 'account_id: 18XXXXX4' \
--header 'content-type: application/json' \
--data '{"profile_ids":[3000000435591,3000000435592]}'
{
"profile_ids": [
3000000435591,
3000000435592
]
}
{
"data": {
"message": "Alert profile(s) enabled successfully."
}
}
{
"error": {
"code": "10001007",
"title": "Bad Request",
"detail": "profile_ids is missing or invalid."
}
}
{
"error": {
"code": "00000101",
"title": "Unauthorized",
"detail": "Invalid OAuth Token"
}
}
{
"error": {
"code": "10001003",
"title": "Forbidden",
"detail": "Insufficient permissions to enable alert profiles."
}
}
{
"error": {
"code": "10001005",
"title": "Not Found",
"detail": "One or more profile IDs do not exist."
}
}
{
"error": {
"code": "10001029",
"title": "Too Many Requests",
"detail": "Rate limit exceeded. Retry after some time."
}
}
{
"error": {
"code": "10001018",
"title": "Internal Server Error",
"detail": "Something went wrong."
}
}
Disable Alert Profiles
Disables one or more alert profiles using the specified profile IDs.
Use this endpoint to disable alert profiles, such as during scheduled maintenance windows or when temporarily suppressing known noisy alerts.
Rate limit: 20 requests per minute per account.
OAuth Scope : logs360cloud.alerts.UPDATE
Role : Administrator, Operator
Arguments
profile_ids
array
(Required)
List of alert profile IDs to disable (min 1, max 100). From List Alert Profiles API.
Headers
account_id
string
(Required)
Account ID
parameters_data='{"profile_ids":[3000000435591,3000000435592]}';
headers_data = Map();
headers_data.put("account_id", "18XXXXX4");
headers_data.put("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f");
response = invokeUrl
[
url: "https://log360cloud.manageengine.com/api/v2/alerts/profile/disable"
type: PATCH
headers: headers_data
content-type: application/json
parameters: parameters_data
connection: <connection_name>
];
info response;
OkHttpClient client = new OkHttpClient();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\"profile_ids\":[3000000435591,3000000435592]}");
Request request = new Request.Builder()
.url("https://log360cloud.manageengine.com/api/v2/alerts/profile/disable")
.patch(body)
.addHeader("account_id", "18XXXXX4")
.addHeader("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f")
.addHeader("content-type", "application/json")
.build();
Response response = client.newCall(request).execute();
const options = {
method: 'PATCH',
headers: {
account_id: '18XXXXX4',
Authorization: 'Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f',
'content-type': 'application/json'
},
body: '{"profile_ids":[3000000435591,3000000435592]}'
};
fetch('https://log360cloud.manageengine.com/api/v2/alerts/profile/disable', options)
.then(response => response.json())
.then(response => console.log(response))
.catch(err => console.error(err));
import http.client
conn = http.client.HTTPSConnection("log360cloud.manageengine.com")
payload = "{\"profile_ids\":[3000000435591,3000000435592]}"
headers = {
'account_id': "18XXXXX4",
'Authorization': "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f",
'content-type': "application/json"
}
conn.request("PATCH", "/api/v2/alerts/profile/disable", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
const http = require("https");
const options = {
"method": "PATCH",
"hostname": "log360cloud.manageengine.com",
"port": null,
"path": "/api/v2/alerts/profile/disable",
"headers": {
"account_id": "18XXXXX4",
"Authorization": "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f",
"content-type": "application/json"
}
};
const req = http.request(options, function (res) {
const chunks = [];
res.on("data", function (chunk) {
chunks.push(chunk);
});
res.on("end", function () {
const body = Buffer.concat(chunks);
console.log(body.toString());
});
});
req.write(JSON.stringify({profile_ids: [3000000435591, 3000000435592]}));
req.end();
curl --request PATCH \
--url https://log360cloud.manageengine.com/api/v2/alerts/profile/disable \
--header 'Authorization: Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f' \
--header 'account_id: 18XXXXX4' \
--header 'content-type: application/json' \
--data '{"profile_ids":[3000000435591,3000000435592]}'
{
"profile_ids": [
3000000435591,
3000000435592
]
}
{
"data": {
"message": "Alert profile(s) disabled successfully."
}
}
{
"error": {
"code": "10001007",
"title": "Bad Request",
"detail": "profile_ids is missing or invalid."
}
}
{
"error": {
"code": "00000101",
"title": "Unauthorized",
"detail": "Invalid OAuth Token"
}
}
{
"error": {
"code": "10001003",
"title": "Forbidden",
"detail": "Insufficient permissions to disable alert profiles."
}
}
{
"error": {
"code": "10001005",
"title": "Not Found",
"detail": "One or more profile IDs do not exist."
}
}
{
"error": {
"code": "10001029",
"title": "Too Many Requests",
"detail": "Rate limit exceeded. Retry after some time."
}
}
{
"error": {
"code": "10001018",
"title": "Internal Server Error",
"detail": "Something went wrong."
}
}