Resource: Alert
An alert affecting a customer.
JSON representation |
---|
{ "customerId" : string , "alertId" : string , "createTime" : string , "startTime" : string , "endTime" : string , "type" : string , "source" : string , "data" : { "@type" : string , field1 : ... , ... } , "securityInvestigationToolLink" : string , "deleted" : boolean , "metadata" : { object ( |
customerId
string
Output only. The unique identifier of the Google Workspace account of the customer.
alertId
string
Output only. The unique identifier for the alert.
createTime
string (Timestamp format)
Output only. The time this alert was created.
startTime
string (Timestamp format)
Required. The time the event that caused this alert was started or detected.
endTime
string (Timestamp format)
Optional. The time the event that caused this alert ceased being active. If provided, the end time must not be earlier than the start time. If not provided, it indicates an ongoing alert.
type
string
Required. The type of the alert. This is output only after the alert is created. For a list of available alert types, see Google Workspace Alert types.
source
string
Required. A unique identifier for the system that reported the alert. This is output only after the alert is created.
Supported sources are any of the following:
- Google Operations
- Mobile device management
- Gmail phishing
- Data Loss Prevention
- Domain wide takeout
- State sponsored attack
- Google identity
- Apps outage
data
object
Optional. The data associated with this alert, for example google.apps.alertcenter.type.DeviceCompromised.
securityInvestigationToolLink
string
Output only. An optional Security Investigation Tool query for this alert.
deleted
boolean
Output only. True if this alert is marked for deletion.
updateTime
string (Timestamp format)
Output only. The time this alert was last updated.
etag
string
Optional. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of an alert from overwriting each other. It is strongly suggested that systems make use of the etag in the read-modify-write cycle to perform alert updates in order to avoid race conditions: An etag is returned in the response which contains alerts, and systems are expected to put that etag in the request to update alert to ensure that their change will be applied to the same version of the alert.
If no etag is provided in the call to update alert, then the existing alert is overwritten blindly.
AlertMetadata
An alert metadata.
JSON representation |
---|
{ "customerId" : string , "alertId" : string , "status" : string , "assignee" : string , "updateTime" : string , "severity" : string , "etag" : string } |
customerId
string
Output only. The unique identifier of the Google Workspace account of the customer.
alertId
string
Output only. The alert identifier.
status
string
The current status of the alert. The supported values are the following:
- NOT_STARTED
- IN_PROGRESS
- CLOSED
assignee
string
The email address of the user assigned to the alert.
updateTime
string (Timestamp format)
Output only. The time this metadata was last updated.
severity
string
The severity value of the alert. Alert Center will set this field at alert creation time, and it defaults to an empty string when it could not be determined. The supported values for update actions on this field are the following:
- HIGH
- MEDIUM
- LOW
etag
string
Optional. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of an alert metadata from overwriting each other. It is strongly suggested that systems make use of the etag in the read-modify-write cycle to perform metadata updates in order to avoid race conditions: An etag is returned in the response which contains alert metadata, and systems are expected to put that etag in the request to update alert metadata to ensure that their change will be applied to the same version of the alert metadata.
If no etag is provided in the call to update alert metadata, then the existing alert metadata is overwritten blindly.
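The etag read-modify-write cycle described for Alert and AlertMetadata, shown as an added example that is not part of the original reference or of Google's client code. `MetadataStore`, `read_modify_write`, the `v1`-style etag strings and the sample alert are hypothetical stand-ins for a real service; only the field names and the status and severity values come from this page.

```python
import copy
import itertools

class StaleEtag(Exception):
    """The etag sent with an update no longer matches the stored version."""

class MetadataStore:
    """Hypothetical in-memory service applying the etag rule described above."""
    def __init__(self):
        self._rows, self._version = {}, itertools.count(1)

    def get(self, alert_id):
        return copy.deepcopy(self._rows[alert_id])

    def put(self, alert_id, metadata, etag=None):
        current = self._rows.get(alert_id)
        # An etag pins the write to the version the caller read.
        if current is not None and etag is not None and etag != current["etag"]:
            raise StaleEtag(alert_id)
        # No etag: the stored metadata is replaced without any version check.
        row = {**metadata, "alertId": alert_id, "etag": f"v{next(self._version)}"}
        self._rows[alert_id] = row
        return copy.deepcopy(row)

def read_modify_write(store, alert_id, mutate, attempts=3):
    """Re-read and reapply `mutate` whenever another writer got in first."""
    for _ in range(attempts):
        snapshot = store.get(alert_id)
        try:
            return store.put(alert_id, mutate(dict(snapshot)), etag=snapshot["etag"])
        except StaleEtag:
            continue
    raise StaleEtag(f"{alert_id}: still stale after {attempts} attempts")

def demo():  # constructed scenario: two analysts edit the same alert metadata
    store = MetadataStore()
    store.put("alert-1", {"status": "NOT_STARTED", "assignee": "", "severity": "HIGH"})
    a, b = store.get("alert-1"), store.get("alert-1")  # both read version v1
    store.put("alert-1", {**a, "assignee": "a@example.com", "status": "IN_PROGRESS"}, etag=a["etag"])
    try:  # b's copy is now stale, so its etag-guarded write is refused
        store.put("alert-1", {**b, "severity": "LOW"}, etag=b["etag"])
        refused = False
    except StaleEtag:
        refused = True
    retried = read_modify_write(store, "alert-1", lambda m: {**m, "severity": "LOW"})
    blind = store.put("alert-1", {**b, "status": "CLOSED"})  # no etag: a's edit is lost
    return refused, retried, blind

if __name__ == "__main__":
    print(demo())
```

In the final step the write without an etag silently reverts the assignee and severity that the earlier writers set, which is the blind overwrite the field description refers to.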
Methods | |
---|---|
| Performs batch delete operation on alerts. |
| Performs batch undelete operation on alerts. |
| Marks the specified alert for deletion. |
| Gets the specified alert. |
| Returns the metadata of an alert. |
| Lists the alerts. |
| Restores, or "undeletes", an alert that was marked for deletion within the past 30 days. |