Console
    Contact Us Start free

    EntityRiskScoreModification

    Message of Entity Risk Score Modification.

    JSON representation 
     { 
 "modificationType" 
 : 
 enum (  EntityRiskScoreModificationType 
 
) 
 , 
 "modificationTime" 
 : 
 string 
 , 
 "author" 
 : 
 string 
 , 
 "modificationReason" 
 : 
 string 
 , 
 "multiplyingFactor" 
 : 
 number 
 , 
 "multiplyingFactorTtl" 
 : 
 string 
 , 
 "modificationResourceId" 
 : 
 { 
 object (  EntityRiskScoreModificationResourceId 
 
) 
 } 
 }
    Fields
    modificationType

    enum ( EntityRiskScoreModificationType )

    Required. Modification type.
    modificationTime

    string ( Timestamp format)

    Output only. Modification timestamp.

    Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z" , "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30" .
    author

    string

    Output only. The analyst id of who made the modification to base entity risk score.
    modificationReason

    string

    Required. Modification reason.
    multiplyingFactor

    number

    Required. Multiplying factor.
    multiplyingFactorTtl

    string ( Duration format)

    Optional. TTL for the multiplying factor. Only present when modificationType is of MULTIPLY_ENTITY_RISK_SCORE_WITH_TTL type.

    A duration in seconds with up to nine fractional digits, ending with ' s '. Example: "3.5s" .
    modificationResourceId

    object ( EntityRiskScoreModificationResourceId )

    Optional. The resource id for which the user chooses to modify risk score. Resource id could be detection id or rule id.

    EntityRiskScoreModificationType

    Type of Entity Risk Score Modification.

    Enums
    ENTITY_RISK_SCORE_MODIFICATION_TYPE_UNSPECIFIED Unspecified state for entity risk score modification type.
    MULTIPLY_CURRENT_ENTITY_RISK_SCORE Multiply type for applying multiplying factor on underlying detections that contribute to base entity risk score until they fade out in the sliding risk window.
    MULTIPLY_ENTITY_RISK_SCORE_WITH_TTL Multiply type for applying multiplying factor to entity risk score with a TTL.
    MULTIPLY_DETECTION_RISK_SCORE_BY_DETECTION_ID Multiply a specific detection's risk score during entity risk score calculation.
    MULTIPLY_DETECTION_RISK_SCORE_BY_RULE_ID_WITH_TTL Multiply detection risk score triggered by a specific rule during entity risk score calculation with a TTL.

    EntityRiskScoreModificationResourceId

    Message of resource id for which the user chooses to modify risk score. Resource id could be detection id or rule id.

    JSON representation 
     { 
 // Union field id 
can be only one of the following: 
 "detectionId" 
 : 
 string 
 , 
 "ruleId" 
 : 
 string 
 // End of list of possible types for union field id 
. 
 }
    Fields
    Union field id . The resource id for which the user chooses to modify risk score. Resource id could be detection id or rule id. id can be only one of the following:
    detectionId

    string

    Optional. The detection id for which the user chooses to modify detection risk score for.

    ruleId

    string

    Optional. The rule id for which the user chooses to modify detection risk score for.
    Design a Mobile Site
    View Site in Mobile | Classic
    Share by: