Node

JSON representation
IndividualNode
- JSON representation
IndicatorSummary
- JSON representation
IndicatorAliases
- JSON representation
GroupNode
- JSON representation
GroupNodeDetail
- JSON representation
DetectionGroup
- JSON representation
AlertState
EntityGroupMetadata
- JSON representation

A generic node in a graph.

JSON representation

JSON representation
{ "id" : string , "displayName" : string , // Union field `node_detail` can be only one of the following: "individualNode" : { object ( `IndividualNode` ) } , "groupNode" : { object ( `GroupNode` ) } // End of list of possible types for union field `node_detail` . }

 { 
 "id" 
 : 
 string 
 , 
 "displayName" 
 : 
 string 
 , 
 // Union field node_detail 
can be only one of the following: 
 "individualNode" 
 : 
 { 
 object (  IndividualNode 
 
) 
 } 
 , 
 "groupNode" 
 : 
 { 
 object (  GroupNode 
 
) 
 } 
 // End of list of possible types for union field node_detail 
. 
 }

Fields

id

string

Required. The unique string id of the node.

displayName

string

Output only. The display name of the node.

Union field node_detail . Detailed information about a node. A node can be either an individual node or a group node. node_detail can be only one of the following:

individualNode

object ( IndividualNode )

A individual node which contains a resource.

groupNode

object ( GroupNode )

A group node in a graph which represents a collection of individual nodes.

IndividualNode

A individual node which contains a resource.

JSON representation

JSON representation
{ "adjacentIndividualNodesCount" : integer , // Union field `node_detail` can be only one of the following: "detection" : { object ( `Collection` ) } , "indicatorSummary" : { object ( `IndicatorSummary` ) } // End of list of possible types for union field `node_detail` . }

 { 
 "adjacentIndividualNodesCount" 
 : 
 integer 
 , 
 // Union field node_detail 
can be only one of the following: 
 "detection" 
 : 
 { 
 object (  Collection 
 
) 
 } 
 , 
 "indicatorSummary" 
 : 
 { 
 object (  IndicatorSummary 
 
) 
 } 
 // End of list of possible types for union field node_detail 
. 
 }

Fields

adjacentIndividualNodesCount

integer

Output only. The number of individual nodes adjacent to the current node.

Union field node_detail . Detailed information of the node. node_detail can be only one of the following:

detection

object ( Collection )

Output only. Detail about a detection node.

indicatorSummary

object ( IndicatorSummary )

Output only. Indicator summary information about an entity node.

IndicatorSummary

A summary of aliased indicators of an entity.

JSON representation

JSON representation
{ "entity" : string , "timeRange" : { object ( `Interval` ) } , "displayIndicator" : { object ( `EntityIndicator` ) } , "aliases" : [ { object ( `IndicatorAliases` ) } ] , "entityRiskScore" : integer }

 { 
 "entity" 
 : 
 string 
 , 
 "timeRange" 
 : 
 { 
 object (  Interval 
 
) 
 } 
 , 
 "displayIndicator" 
 : 
 { 
 object (  EntityIndicator 
 
) 
 } 
 , 
 "aliases" 
 : 
 [ 
 { 
 object (  IndicatorAliases 
 
) 
 } 
 ] 
 , 
 "entityRiskScore" 
 : 
 integer 
 }

Fields
`entity`	`string` The resource name of an entity. Format: projects/{project}/locations/{location}/instances/{instance}/entities/{entity}
`timeRange`	`object ( Interval )` The time range that the aliases are valid for. This is the same as the Entity interval, and is duplicated here for convenience.
`displayIndicator`	`object ( EntityIndicator )` The EntityIndicator used to represent the IndicatorSummary.
`aliases[]`	`object ( IndicatorAliases )` A list of IndicatorAliases across different time ranges.
`entityRiskScore`	`integer` The risk score of the entity at the end of the time range.

IndicatorAliases

A list of aliased indicators within a time range.

JSON representation
{ "timeRange" : { object ( `Interval` ) } , "aliases" : [ { object ( `EntityIndicator` ) } ] }

Fields

Fields
`timeRange`	`object ( Interval )` The time range of the aliases is valid for.
`aliases[]`	`object ( EntityIndicator )` A list of aliased indicators within the time range.

timeRange

object ( Interval )

The time range of the aliases is valid for.

aliases[]

object ( EntityIndicator )

A list of aliased indicators within the time range.

GroupNode

A group node in a graph, which can be a indicator-related detection group or a rule-related detection group.

JSON representation
{ "groupNodeDetail" : { object ( `GroupNodeDetail` ) } , "individualNodeCount" : integer }

Fields

Fields
`groupNodeDetail`	`object ( GroupNodeDetail )` Output only. The detail information of a group node.
`individualNodeCount`	`integer` Output only. The individual nodes count in the group.

groupNodeDetail

object ( GroupNodeDetail )

Output only. The detail information of a group node.

individualNodeCount

integer

Output only. The individual nodes count in the group.

GroupNodeDetail

Detail information of a group node.

JSON representation

JSON representation
{ "parentNodeId" : string , // Union field `group` can be only one of the following: "indicatorRelatedDetectionGroup" : { object ( `DetectionGroup` ) } , "ruleRelatedDetectionGroup" : { object ( `DetectionGroup` ) } , "entityGroupMetadata" : { object ( `EntityGroupMetadata` ) } // End of list of possible types for union field `group` . }

 { 
 "parentNodeId" 
 : 
 string 
 , 
 // Union field group 
can be only one of the following: 
 "indicatorRelatedDetectionGroup" 
 : 
 { 
 object (  DetectionGroup 
 
) 
 } 
 , 
 "ruleRelatedDetectionGroup" 
 : 
 { 
 object (  DetectionGroup 
 
) 
 } 
 , 
 "entityGroupMetadata" 
 : 
 { 
 object (  EntityGroupMetadata 
 
) 
 } 
 // End of list of possible types for union field group 
. 
 }

Fields

parentNodeId

string

The source of the parent node of the current group node. The parent node can only be an individual node.

Union field group . The detailed information about a group node. group can be only one of the following:

indicatorRelatedDetectionGroup

object ( DetectionGroup )

An indicator-related detection group.

ruleRelatedDetectionGroup

object ( DetectionGroup )

A rule-related detection group.

entityGroupMetadata

object ( EntityGroupMetadata )

An entity group.

DetectionGroup

A detection group, which contains fields about how the detections got grouped. NEXT_TAG: 4

JSON representation
{ "alertState" : enum ( `AlertState` ) , "rule" : string , "ruleDisplayName" : string }

Fields

Fields
`alertState`	`enum ( AlertState )` Output only. The state of a detection representing if the detection is an alert or not.
`rule`	`string` Optional. The Rule a detection generated from. Format: projects/{project}/locations/{location}/instances/{instance}/rules/{rule}
`ruleDisplayName`	`string` Output only. The rule display name.

alertState

enum ( AlertState )

Output only. The state of a detection representing if the detection is an alert or not.

rule

string

Optional. The Rule a detection generated from. Format: projects/{project}/locations/{location}/instances/{instance}/rules/{rule}

ruleDisplayName

string

Output only. The rule display name.

AlertState

The alert state of a detection.

Enums
`ALERT_STATE_UNSPECIFIED`	The default/unset value. The API will default to the ALERT_STATE_ALERTING.
`ALERT_STATE_NOT_ALERTING`	A not alerting state.
`ALERT_STATE_ALERTING`	An alerting state.

EntityGroupMetadata

An entity group metadata, which contains fields about how the entities got grouped.

JSON representation
{ "entityType" : enum ( `EntityType` ) }

Fields

entityType

enum ( EntityType )

Output only. The type of entities in the group.

Node Stay organized with collections Save and categorize content based on your preferences.

IndividualNode

IndicatorSummary

IndicatorAliases

GroupNode

GroupNodeDetail

DetectionGroup

AlertState

EntityGroupMetadata

Node