- JSON representation
- IndividualNode
- IndicatorSummary
- IndicatorAliases
- GroupNode
- GroupNodeDetail
- DetectionGroup
- AlertState
- EntityGroupMetadata
A generic node in a graph.
| JSON representation |
|---|
{ "id" : string , "displayName" : string , // Union field |
id
string
Required. The unique string id of the node.
displayName
string
Output only. The display name of the node.
node_detail
. Detailed information about a node. A node can be either an individual node or a group node. node_detail
can be only one of the following:individualNode
object (
IndividualNode
)
A individual node which contains a resource.
groupNode
object (
GroupNode
)
A group node in a graph which represents a collection of individual nodes.
IndividualNode
A individual node which contains a resource.
| JSON representation |
|---|
{ "adjacentIndividualNodesCount" : integer , // Union field |
adjacentIndividualNodesCount
integer
Output only. The number of individual nodes adjacent to the current node.
node_detail
. Detailed information of the node. node_detail
can be only one of the following:detection
object (
Collection
)
Output only. Detail about a detection node.
indicatorSummary
object (
IndicatorSummary
)
Output only. Indicator summary information about an entity node.
IndicatorSummary
A summary of aliased indicators of an entity.
| JSON representation |
|---|
{ "entity" : string , "timeRange" : { object ( |
| Fields | |
|---|---|
entity
|
The resource name of an entity. Format: projects/{project}/locations/{location}/instances/{instance}/entities/{entity} |
timeRange
|
The time range that the aliases are valid for. This is the same as the Entity interval, and is duplicated here for convenience. |
displayIndicator
|
The EntityIndicator used to represent the IndicatorSummary. |
aliases[]
|
A list of IndicatorAliases across different time ranges. |
entityRiskScore
|
The risk score of the entity at the end of the time range. |
IndicatorAliases
A list of aliased indicators within a time range.
| JSON representation |
|---|
{ "timeRange" : { object ( |
| Fields | |
|---|---|
timeRange
|
The time range of the aliases is valid for. |
aliases[]
|
A list of aliased indicators within the time range. |
GroupNode
A group node in a graph, which can be a indicator-related detection group or a rule-related detection group.
| JSON representation |
|---|
{
"groupNodeDetail"
:
{
object (
|
| Fields | |
|---|---|
groupNodeDetail
|
Output only. The detail information of a group node. |
individualNodeCount
|
Output only. The individual nodes count in the group. |
GroupNodeDetail
Detail information of a group node.
| JSON representation |
|---|
{ "parentNodeId" : string , // Union field |
parentNodeId
string
The source of the parent node of the current group node. The parent node can only be an individual node.
group
. The detailed information about a group node. group
can be only one of the following:DetectionGroup
A detection group, which contains fields about how the detections got grouped. NEXT_TAG: 4
| JSON representation |
|---|
{
"alertState"
:
enum (
|
| Fields | |
|---|---|
alertState
|
Output only. The state of a detection representing if the detection is an alert or not. |
rule
|
Optional. The Rule a detection generated from. Format: projects/{project}/locations/{location}/instances/{instance}/rules/{rule} |
ruleDisplayName
|
Output only. The rule display name. |
AlertState
The alert state of a detection.
| Enums | |
|---|---|
ALERT_STATE_UNSPECIFIED
|
The default/unset value. The API will default to the ALERT_STATE_ALERTING. |
ALERT_STATE_NOT_ALERTING
|
A not alerting state. |
ALERT_STATE_ALERTING
|
An alerting state. |
EntityGroupMetadata
An entity group metadata, which contains fields about how the entities got grouped.
| JSON representation |
|---|
{
"entityType"
:
enum (
|
| Fields | |
|---|---|
entityType
|
Output only. The type of entities in the group. |
