Security Deck Alerts Audit Trails Events: CreateAlert
Event JSON schema
{
  "eventId": "string",
  "eventSource": "string",
  "eventType": "string",
  "eventTime": "string",
  "resourceMetadata": {
    "path": [
      {
        "resourceType": "string",
        "resourceId": "string",
        // Includes only one of the fields `resourceName`
        "resourceName": "string"
        // end of the list of possible fields
      }
    ]
  },
  "eventStatus": "string",
  "details": {
    "alertId": "string",
    "alertSinkId": "string",
    "alertSinkName": "string",
    "sensorId": "string",
    "sensorName": "string",
    "severity": "string",
    "title": "object",
    "description": "object",
    "category": "object",
    "createdAt": "string",
    "details": "object",
    "relatedResources": [
      {
        "id": "string",
        "type": "string"
      }
    ],
    "ruleId": "string"
  }
}
Field description
| Field | Description |
| --- | --- |
| eventId | string |
| eventSource | string |
| eventType | string |
| eventTime | string (date-time) String in RFC3339. To work with values in this field, use the APIs described in the |
| resourceMetadata | |
| eventStatus | enum (EventStatus) |
| details | |
ResourceMetadata
| Field | Description |
| --- | --- |
| path[] | |
Resource
| Field | Description |
| --- | --- |
| resourceType | string |
| resourceId | string |
| resourceName | string Includes only one of the fields |
EventDetails
| Field | Description |
| --- | --- |
| alertId | string |
| alertSinkId | string |
| alertSinkName | string |
| sensorId | string |
| sensorName | string |
| severity | enum (Severity) |
| title | object (map<string, string>) More than 0 per resource. |
| description | object (map<string, string>) More than 0 per resource. |
| category | object (map<string, string>) More than 0 per resource. |
| createdAt | string (date-time) String in RFC3339. To work with values in this field, use the APIs described in the |
| details | object |
| relatedResources[] | |
| ruleId | string |
RelatedResource
| Field | Description |
| --- | --- |
| id | string |
| type | string |