ApiCyberAlertFullDetails

JSON representation
ApiSecurityEvent
- JSON representation
ApiDomainRelation
- JSON representation

ApiCyberAlertFullDetails message.

JSON representation

JSON representation
{ "caseIdentifier" : string , "alertGroupIdentifier" : string , "additionalData" : string , "reportingVendor" : string , "reportingProduct" : string , "environment" : string , "name" : string , "description" : string , "externalId" : string , "ruleGenerator" : string , "severity" : integer , "tags" : [ string ] , "detectedTimeUnixMs" : string , "identifier" : string , "creationTimeUnixMs" : string , "modificationTimeUnixMs" : string , "additionalProperties" : { string : string , ... } , "securityEvents" : [ { object ( `ApiSecurityEvent` ) } ] , "domainRelations" : [ { object ( `ApiDomainRelation` ) } ] , "domainEntities" : [ { object ( `ApiDomainEntity` ) } ] }

 { 
 "caseIdentifier" 
 : 
 string 
 , 
 "alertGroupIdentifier" 
 : 
 string 
 , 
 "additionalData" 
 : 
 string 
 , 
 "reportingVendor" 
 : 
 string 
 , 
 "reportingProduct" 
 : 
 string 
 , 
 "environment" 
 : 
 string 
 , 
 "name" 
 : 
 string 
 , 
 "description" 
 : 
 string 
 , 
 "externalId" 
 : 
 string 
 , 
 "ruleGenerator" 
 : 
 string 
 , 
 "severity" 
 : 
 integer 
 , 
 "tags" 
 : 
 [ 
 string 
 ] 
 , 
 "detectedTimeUnixMs" 
 : 
 string 
 , 
 "identifier" 
 : 
 string 
 , 
 "creationTimeUnixMs" 
 : 
 string 
 , 
 "modificationTimeUnixMs" 
 : 
 string 
 , 
 "additionalProperties" 
 : 
 { 
 string 
 : 
 string 
 , 
 ... 
 } 
 , 
 "securityEvents" 
 : 
 [ 
 { 
 object (  ApiSecurityEvent 
 
) 
 } 
 ] 
 , 
 "domainRelations" 
 : 
 [ 
 { 
 object (  ApiDomainRelation 
 
) 
 } 
 ] 
 , 
 "domainEntities" 
 : 
 [ 
 { 
 object (  ApiDomainEntity 
 
) 
 } 
 ] 
 }

Fields
`caseIdentifier`	`string` Case identifier.
`alertGroupIdentifier`	`string` Alert group identifier.
`additionalData`	`string` Additional data.
`reportingVendor`	`string` Reporting vendor.
`reportingProduct`	`string` Reporting product.
`environment`	`string` Environment.
`name`	`string` Name.
`description`	`string` Description.
`externalId`	`string` External ID.
`ruleGenerator`	`string` Rule generator.
`severity`	`integer` Severity.
`tags[]`	`string` Tags.
`detectedTimeUnixMs`	`string ( int64 format)` Detected time in unix ms.
`identifier`	`string` Identifier.
`creationTimeUnixMs`	`string ( int64 format)` Creation time in unix ms.
`modificationTimeUnixMs`	`string ( int64 format)` Modification time in unix ms.
`additionalProperties`	`map (key: string, value: string)` Additional properties. An object containing a list of `"key": value` pairs. Example: `{ "name": "wrench", "mass": "1.3kg", "count": "3" }` .
`securityEvents[]`	`object ( ApiSecurityEvent )` Security events.
`domainRelations[]`	`object ( ApiDomainRelation )` Domain relations.
`domainEntities[]`	`object ( ApiDomainEntity )` Domain entities.

ApiSecurityEvent

ApiSecurityEvent message.

JSON representation
{ "caseIdentifier" : string , "alertIdentifier" : string , "eventId" : string , "eventClassId" : string , "name" : string , "description" : string , "eventType" : string , "ruleGenerator" : string , "severity" : string , "categoryOutcome" : string , "startTimeUnixMs" : string , "endTimeUnixMs" : string , "sourceHostName" : string , "sourceAddress" : string , "sourceDnsDomain" : string , "sourceUserName" : string , "sourceUserId" : string , "sourceNtDomain" : string , "sourceProcessName" : string , "destinationHostName" : string , "destinationAddress" : string , "destinationUserName" : string , "destinationDnsDomain" : string , "destinationNtDomain" : string , "destinationProcessName" : string , "transportProtocol" : string , "applicationProtocol" : string , "destinationPort" : string , "destinationUrl" : string , "deployment" : string , "fileName" : string , "fileHash" : string , "fileType" : string , "emailSubject" : string , "signature" : string , "usb" : string , "sourceMacAddress" : string , "destinationMacAddress" : string , "creditCard" : string , "phoneNumber" : string , "cve" : string , "threatActor" : string , "threatCampaign" : string , "genericEntity" : string , "process" : string , "parentProcess" : string , "parentHash" : string , "childProcess" : string , "childHash" : string , "ipset" : string , "deviceHostName" : string , "deviceAddress" : string , "deviceVendor" : string , "deviceProduct" : string , "deviceVersion" : string , "deviceSeverity" : string , "sourceDomain" : string , "destinationDomain" : string , "identifier" : string , "creationTimeUnixMs" : string , "modificationTimeUnixMs" : string , "additionalProperties" : { string : string , ... } , "isCorrelation" : boolean }

JSON representation

 { 
 "caseIdentifier" 
 : 
 string 
 , 
 "alertIdentifier" 
 : 
 string 
 , 
 "eventId" 
 : 
 string 
 , 
 "eventClassId" 
 : 
 string 
 , 
 "name" 
 : 
 string 
 , 
 "description" 
 : 
 string 
 , 
 "eventType" 
 : 
 string 
 , 
 "ruleGenerator" 
 : 
 string 
 , 
 "severity" 
 : 
 string 
 , 
 "categoryOutcome" 
 : 
 string 
 , 
 "startTimeUnixMs" 
 : 
 string 
 , 
 "endTimeUnixMs" 
 : 
 string 
 , 
 "sourceHostName" 
 : 
 string 
 , 
 "sourceAddress" 
 : 
 string 
 , 
 "sourceDnsDomain" 
 : 
 string 
 , 
 "sourceUserName" 
 : 
 string 
 , 
 "sourceUserId" 
 : 
 string 
 , 
 "sourceNtDomain" 
 : 
 string 
 , 
 "sourceProcessName" 
 : 
 string 
 , 
 "destinationHostName" 
 : 
 string 
 , 
 "destinationAddress" 
 : 
 string 
 , 
 "destinationUserName" 
 : 
 string 
 , 
 "destinationDnsDomain" 
 : 
 string 
 , 
 "destinationNtDomain" 
 : 
 string 
 , 
 "destinationProcessName" 
 : 
 string 
 , 
 "transportProtocol" 
 : 
 string 
 , 
 "applicationProtocol" 
 : 
 string 
 , 
 "destinationPort" 
 : 
 string 
 , 
 "destinationUrl" 
 : 
 string 
 , 
 "deployment" 
 : 
 string 
 , 
 "fileName" 
 : 
 string 
 , 
 "fileHash" 
 : 
 string 
 , 
 "fileType" 
 : 
 string 
 , 
 "emailSubject" 
 : 
 string 
 , 
 "signature" 
 : 
 string 
 , 
 "usb" 
 : 
 string 
 , 
 "sourceMacAddress" 
 : 
 string 
 , 
 "destinationMacAddress" 
 : 
 string 
 , 
 "creditCard" 
 : 
 string 
 , 
 "phoneNumber" 
 : 
 string 
 , 
 "cve" 
 : 
 string 
 , 
 "threatActor" 
 : 
 string 
 , 
 "threatCampaign" 
 : 
 string 
 , 
 "genericEntity" 
 : 
 string 
 , 
 "process" 
 : 
 string 
 , 
 "parentProcess" 
 : 
 string 
 , 
 "parentHash" 
 : 
 string 
 , 
 "childProcess" 
 : 
 string 
 , 
 "childHash" 
 : 
 string 
 , 
 "ipset" 
 : 
 string 
 , 
 "deviceHostName" 
 : 
 string 
 , 
 "deviceAddress" 
 : 
 string 
 , 
 "deviceVendor" 
 : 
 string 
 , 
 "deviceProduct" 
 : 
 string 
 , 
 "deviceVersion" 
 : 
 string 
 , 
 "deviceSeverity" 
 : 
 string 
 , 
 "sourceDomain" 
 : 
 string 
 , 
 "destinationDomain" 
 : 
 string 
 , 
 "identifier" 
 : 
 string 
 , 
 "creationTimeUnixMs" 
 : 
 string 
 , 
 "modificationTimeUnixMs" 
 : 
 string 
 , 
 "additionalProperties" 
 : 
 { 
 string 
 : 
 string 
 , 
 ... 
 } 
 , 
 "isCorrelation" 
 : 
 boolean 
 }

Fields
`caseIdentifier`	`string` Case identifier.
`alertIdentifier`	`string` Alert identifier.
`eventId`	`string` Event ID.
`eventClassId`	`string` Event class ID.
`name`	`string` Name.
`description`	`string` Description.
`eventType`	`string` Event type.
`ruleGenerator`	`string` Rule generator.
`severity`	`string` Severity.
`categoryOutcome`	`string` Category outcome.
`startTimeUnixMs`	`string ( int64 format)` Start time in unix ms.
`endTimeUnixMs`	`string ( int64 format)` End time in unix ms.
`sourceHostName`	`string` Source host name.
`sourceAddress`	`string` Source address.
`sourceDnsDomain`	`string` Source DNS domain.
`sourceUserName`	`string` Source user name.
`sourceUserId`	`string` Source user ID.
`sourceNtDomain`	`string` Source NT domain.
`sourceProcessName`	`string` Source process name.
`destinationHostName`	`string` Destination host name.
`destinationAddress`	`string` Destination address.
`destinationUserName`	`string` Destination user name.
`destinationDnsDomain`	`string` Destination DNS domain.
`destinationNtDomain`	`string` Destination NT domain.
`destinationProcessName`	`string` Destination process name.
`transportProtocol`	`string` Transport protocol.
`applicationProtocol`	`string` Application protocol.
`destinationPort`	`string` Destination port.
`destinationUrl`	`string` Destination URL.
`deployment`	`string` Deployment.
`fileName`	`string` File name.
`fileHash`	`string` File hash.
`fileType`	`string` File type.
`emailSubject`	`string` Email subject.
`signature`	`string` Signature.
`usb`	`string` USB.
`sourceMacAddress`	`string` Source mac address.
`destinationMacAddress`	`string` Destination mac address.
`creditCard`	`string` Credit card.
`phoneNumber`	`string` Phone number.
`cve`	`string` CVE.
`threatActor`	`string` Threat actor.
`threatCampaign`	`string` Threat campaign.
`genericEntity`	`string` Generic entity.
`process`	`string` Process.
`parentProcess`	`string` Parent process.
`parentHash`	`string` Parent hash.
`childProcess`	`string` Child process.
`childHash`	`string` Child hash.
`ipset`	`string` IPSET.
`deviceHostName`	`string` Device host name.
`deviceAddress`	`string` Device address.
`deviceVendor`	`string` Device vendor.
`deviceProduct`	`string` Device product.
`deviceVersion`	`string` Device version.
`deviceSeverity`	`string` Device severity.
`sourceDomain`	`string` Source domain.
`destinationDomain`	`string` Destination domain.
`identifier`	`string` Identifier.
`creationTimeUnixMs`	`string ( int64 format)` Creation time in unix ms.
`modificationTimeUnixMs`	`string ( int64 format)` Modification time in unix ms.
`additionalProperties`	`map (key: string, value: string)` Additional properties. An object containing a list of `"key": value` pairs. Example: `{ "name": "wrench", "mass": "1.3kg", "count": "3" }` .
`isCorrelation`	`boolean` Is correlation.

ApiDomainRelation

ApiDomainRelation message.

JSON representation
{ "caseIdentifier" : string , "alertIdentifier" : string , "securityEventIdentifier" : string , "relationType" : string , "eventId" : string , "fromIdentifier" : string , "fromType" : string , "toIdentifier" : string , "toType" : string , "deviceVendor" : string , "deviceProduct" : string , "eventClassId" : string , "severity" : string , "categoryOutcome" : string , "destinationPort" : string , "startTimeUnixMs" : string , "endTimeUnixMs" : string , "identifier" : string , "creationTimeUnixMs" : string , "modificationTimeUnixMs" : string , "additionalProperties" : { string : string , ... } }

JSON representation

 { 
 "caseIdentifier" 
 : 
 string 
 , 
 "alertIdentifier" 
 : 
 string 
 , 
 "securityEventIdentifier" 
 : 
 string 
 , 
 "relationType" 
 : 
 string 
 , 
 "eventId" 
 : 
 string 
 , 
 "fromIdentifier" 
 : 
 string 
 , 
 "fromType" 
 : 
 string 
 , 
 "toIdentifier" 
 : 
 string 
 , 
 "toType" 
 : 
 string 
 , 
 "deviceVendor" 
 : 
 string 
 , 
 "deviceProduct" 
 : 
 string 
 , 
 "eventClassId" 
 : 
 string 
 , 
 "severity" 
 : 
 string 
 , 
 "categoryOutcome" 
 : 
 string 
 , 
 "destinationPort" 
 : 
 string 
 , 
 "startTimeUnixMs" 
 : 
 string 
 , 
 "endTimeUnixMs" 
 : 
 string 
 , 
 "identifier" 
 : 
 string 
 , 
 "creationTimeUnixMs" 
 : 
 string 
 , 
 "modificationTimeUnixMs" 
 : 
 string 
 , 
 "additionalProperties" 
 : 
 { 
 string 
 : 
 string 
 , 
 ... 
 } 
 }

Fields
`caseIdentifier`	`string` Case identifier.
`alertIdentifier`	`string` Alert identifier.
`securityEventIdentifier`	`string` Security event identifier.
`relationType`	`string` Relation type.
`eventId`	`string` Event ID.
`fromIdentifier`	`string` From identifier.
`fromType`	`string` From type.
`toIdentifier`	`string` To identifier.
`toType`	`string` To type.
`deviceVendor`	`string` Device vendor.
`deviceProduct`	`string` Device product.
`eventClassId`	`string` Event class ID.
`severity`	`string` Severity.
`categoryOutcome`	`string` Category outcome.
`destinationPort`	`string` Destination port.
`startTimeUnixMs`	`string ( int64 format)` Start time in unix ms.
`endTimeUnixMs`	`string ( int64 format)` End time in unix ms.
`identifier`	`string` Identifier.
`creationTimeUnixMs`	`string ( int64 format)` Creation time in unix ms.
`modificationTimeUnixMs`	`string ( int64 format)` Modification time in unix ms.
`additionalProperties`	`map (key: string, value: string)` Additional properties. An object containing a list of `"key": value` pairs. Example: `{ "name": "wrench", "mass": "1.3kg", "count": "3" }` .

ApiCyberAlertFullDetails Stay organized with collections Save and categorize content based on your preferences.

ApiSecurityEvent

ApiDomainRelation

ApiCyberAlertFullDetails