SOLVED
Hi @BradV
Yes it is available in the GET /rest/alerts API response.
I seem to get this specific alert you are referring to (about one of the Verisign CA certificates not being FIPS compliant) in the response on my test appliance.
You have seen it in the UI so it is there in the alerts table in the database.
Will find out if there is a known issue with the "latest" alerts not being available when you query the REST API and come back.
Possibly query for the specific alert id and see instead of a GET all.
Regards,
Bhaskar
I am a HPE employee
I am an HPE employee
Hi @BradV
Most likely the alerts DB and index DB are out of synch on your appliance.
Can you open a support case on this to get that fixed?
Regards,
Bhaskar
I am an HPE employee
Hi @BradV
Sorry about the delay.
Have you tried the below?
curl -X GET -H "X-API-Version:800" -H "Content-type:application/json" -H "Auth:<auth_token>" 'https://<appliance> /rest/alerts?filter=%22healthCategory+EQ+%27Certificate+Management%27%22'
You should see a response like the below:
HTTP/1.1 200 OK
Date: Fri, 01 Feb 2019 13:32:46 GMT
Server: Apache
Content-Type: application/json;charset=utf-8
cache-control: no-cache
Transfer-Encoding: chunked
{
"type": "AlertResourceCollectionV3",
"uri": "/rest/alerts?start=0&count=25&sort=created:descending&filter=\"healthCategory EQ 'Certificate Management'\"",
"category": "alerts",
"eTag": null,
"created": "2019-02-01T13:26:38.299Z",
"modified": "2019-02-01T13:26:38.299Z",
"start": 0,
"count": 1,
"total": 1,
"prevPageUri": null,
"nextPageUri": null,
"members": [
{
"type": "AlertResourceV3",
"uri": "/rest/alerts/1460",
"category": "alerts",
"eTag": "2019-02-01T07:25:04.795Z",
"created": "2019-02-01T07:25:04.795Z",
"modified": "2019-02-01T07:25:04.795Z",
"associatedEventUris": [
"/rest/events/26419"
],
"resourceID": null,
"assignedToUser": null,
"activityUri": null,
"changeLog": [],
"clearedByUser": null,
"clearedTime": null,
"correctiveAction": "Refer to the appliance specific documentation for required actions.",
"description": "The root CA certificate with alias name: VeriSign Class 3 Public Primary Certification Authority - G5 is signed with signature algorithm: SHA1WITHRSA, is not compliant for FIPS mode",
"alertTypeID": "Alerts.CertificateStatus.NonCompliant",
"urgency": "Immediate",
"healthCategory": "Certificate Management",
"lifeCycle": false,
"associatedResource": {
"resourceName": "Security",
"resourceUri": "/rest/certificates/ca/VeriSign Class 3 Public Primary Certification Authority - G5",
"resourceCategory": "appliance",
"associationType": "HAS_A"
},
"severity": "Critical",
"alertState": "Locked",
"physicalResourceType": "appliance",
"resourceUri": "/rest/certificates/ca/VeriSign Class 3 Public Primary Certification Authority - G5",
"serviceEventSource": false,
"serviceEventDetails": null,
"parentAlert": null,
"childAlerts": []
}
],
"alertSeverityCounts": null
}
Regards,
Bhaskar
I am an HPE employee
Hi @BradV
Locked alerts are usually meant to stay locked until the condition in the appliance that triggered the alert changes.
These are system generated and stay Locked and they auto clear soon after the condition changes,
The Locked alert you are seeing - is that the one about the Verisign CA certificate you saw above when changing the appliance cryptographic mode to FIPS? Let me know.
Regards,
Bhaskar
I am an HPE employee
