Graph widget.
JSON representation |
---|
{ "investigator" : { object ( |
Fields | |
---|---|
investigator | Output only. The investigator to display. |
title | Output only. The widget title. |
order | Output only. The widget order. |
type | Output only. The widget template type. |
gridColumns | Output only. The widget template grid columns. |
description | Output only. The widget description. |
identifier | Output only. The widget identifier. |
jsonData | Output only. The widget json data. |
errorJsonData | Output only. The widget error json data. |
resultStatus | Output only. The widget result status. |
Investigator
Investigator.
JSON representation |
---|
{ "nodes" : [ { object ( |
Fields | |
---|---|
nodes[] | Output only. The nodes to display. |
relations[] | Output only. The relations to display. |
alerts[] | Output only. The alerts to display. |
caseId | Output only. The case id. |
caseTitle | Output only. The case title. |
lastModifed | Output only. The last modified time of the case. |
assignedUser | Output only. The assigned user. |
tags[] | Output only. The tags of the case. |
priority | Output only. The case priority. |
environment | Output only. The environment of the case. |
status | Output only. The case status. |
GraphNodeGroup
Graph node group.
JSON representation |
---|
{ "primaryNode" : { object ( |
Fields | |
---|---|
primaryNode | Output only. The primary node. |
nodes[] | Output only. The nodes to display. |
GraphNode
Graph node.
JSON representation |
---|
{ "isInternal" : boolean , "isSuspicious" : boolean , "isArtifact" : boolean , "isVulnerable" : boolean , "isPivot" : boolean , "identifier" : string , "alertIdentifier" : string , "type" : string , "sourceUrl" : string , "fields" : [ { object ( |
Fields | |
---|---|
isInternal | Output only. Flag that indicates whether the node is internal or not. |
isSuspicious | Output only. Flag that indicates whether the node is suspicious or not. |
isArtifact | Output only. Flag that indicates whether the node is an artifact or not. |
isVulnerable | Output only. Flag that indicates whether the node is vulnerable or not. |
isPivot | Output only. Flag that indicates whether the node is a pivot or not. |
identifier | Output only. The node identifier. |
alertIdentifier | Output only. The alert identifier. This is a unique identifier for the alert. Format: {alertName}_{ticketId} |
type | Output only. The type of the node. |
sourceUrl | Output only. The source URL. |
fields[] | Output only. The context groups. |
GraphRelationGroup
Graph relation group.
JSON representation |
---|
{ "fromType" : string , "toType" : string , "identifier" : string , "fromIdentifier" : string , "toIdentifier" : string , "primaryRelation" : { object ( |
Fields | |
---|---|
fromType | Output only. The from type of the relation. |
toType | Output only. The to type of the relation. |
identifier | Output only. The relation identifier. |
fromIdentifier | Output only. The from identifier. |
toIdentifier | Output only. The to identifier. |
primaryRelation | Output only. The primary relation. |
relations[] | Output only. The relations to display. |
GraphRelation
Graph relation.
JSON representation |
---|
{ "eventId" : string , "fromIdentifier" : string , "toIdentifier" : string , "identifier" : string , "type" : string , "fields" : [ { object ( |
Fields | |
---|---|
eventId | Output only. The event identifier. |
fromIdentifier | Output only. The from identifier. |
toIdentifier | Output only. The to identifier. |
identifier | Output only. The graph relation identifier. |
type | Output only. The type of the relation. |
fields[] | Output only. The graph relation property fields. |
GraphRelationPropertyValue
The graph relation property value.
JSON representation |
---|
{ "key" : string , "value" : string } |
Fields | |
---|---|
key | Output only. The property key. |
value | Output only. The property value. |
ApiSecurityAlertDetails
Security alert details.
JSON representation |
---|
{ "ticketId" : string , "status" : enum ( |
Fields | |
---|---|
ticketId | Output only. The ticket id. |
status | Output only. The alert status. |
identifier | Output only. The alert identifier. This is a unique identifier for the alert. Format: {alertName}_{ticketId} |
hasWorkflows | Output only. Flag that indicates whether the alert has workflows or not. |
workflowsStatus | Output only. The workflow status. |
sourceSystemName | Output only. The source system name. |
securityEventCards[] | Output only. The security event cards. |
entityCards[] | Output only. The entity cards of the alert. |
productFamilies[] | Output only. The product families of the alert. |
fields[] | Output only. The fields of the alert. |
name | Output only. The alert name. |
product | Output only. The product of the alert. |
startTimeUnixTimeInMs | Output only. The start time of the alert. |
apiSlaExpiration | Output only. The alert SLA. |
isManualAlert | Output only. Flag that indicates whether the alert is manual or not. |
priority | Output only. The alert priority. |
ApiSecurityEventDetails
Security event details.
JSON representation |
---|
{ "caseId" : integer , "eventId" : string , "alertIdentifier" : string , "eventName" : string , "product" : string , "sources" : [ { object ( |
Fields | |
---|---|
caseId | Output only. The case id. |
eventId | Output only. The event id. |
alertIdentifier | Output only. The alert identifier. This is a unique identifier for the alert. Format: {alertName}_{ticketId} |
eventName | Output only. The event name. |
product | Output only. The product name. |
sources[] | Output only. The sources of the event. |
destinations[] | Output only. The destinations of the event. |
artifactes[] | Output only. The entities of the event. |
port | Output only. The port of the event. |
outcome | Output only. The outcome of the event. |
deviceEventClassId | Output only. The event class id of the event. |
fields[] | Output only. The fields of the event. |
timestamp | Output only. The timestamp of the event. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
ApiSecurityEntityCard
Security entity card.
JSON representation |
---|
{ "identifier" : string , "entityType" : string , "isSuspicious" : boolean , "linkedEntities" : [ { object ( |
Fields | |
---|---|
identifier | Output only. The entity identifier. |
entityType | Output only. The entity type. |
isSuspicious | Output only. Flag that indicates whether the entity is suspicious or not. |
linkedEntities[] | Output only. The linked entities of the alert. |
direction | Output only. The entity direction of the alert. |
SecurityEntityDirection
The security entity direction.
Enums | |
---|---|
SECURITY_ENTITY_DIRECTION_UNSPECIFIED | Unspecified entity direction. |
NONE | Entity direction is none. |
INBOUND | Entity direction is inbound. |
OUTBOUND | Entity direction is outbound. |
BOTH | Entity direction is both. |