AlertCard

JSON representation
AlertCardFieldGroupData
- JSON representation
AlertCardFieldData
- JSON representation

Alert card.

JSON representation

JSON representation
{ "id": string, "creationTimeUnixTimeInMs": string, "modificationTimeUnixTimeInMs": string, "identifier": string, "status": enum (`AlertStatus`), "name": string, "priority": enum (`LegacyCasePriority`), "workflowsStatus": enum (`WorkflowStatus`), "startTime": string, "endTime": string, "alertGroupIdentifier": string, "eventsCount": integer, "title": string, "ruleGenerator": string, "deviceProduct": string, "deviceVendor": string, "playbookAttached": string, "playbookRunCount": integer, "isManualAlert": boolean, "sla": { object (`AlertCardSla`) }, "fieldsGroups": [ { object (`AlertCardFieldGroupData`) } ], "sourceUrl": string, "sourceRuleUrl": string, "relatedCases": [ integer ], "caseId": integer, "nestingDepth": integer, "slaExpirationUnixTime": string, "slaCriticalExpirationUnixTime": string, "siemAlertId": string, "lastSourceUpdateUnixTimeInMs": integer }

{
  "id": string,
  "creationTimeUnixTimeInMs": string,
  "modificationTimeUnixTimeInMs": string,
  "identifier": string,
  "status": enum (AlertStatus),
  "name": string,
  "priority": enum (LegacyCasePriority),
  "workflowsStatus": enum (WorkflowStatus),
  "startTime": string,
  "endTime": string,
  "alertGroupIdentifier": string,
  "eventsCount": integer,
  "title": string,
  "ruleGenerator": string,
  "deviceProduct": string,
  "deviceVendor": string,
  "playbookAttached": string,
  "playbookRunCount": integer,
  "isManualAlert": boolean,
  "sla": {
    object (AlertCardSla)
  },
  "fieldsGroups": [
    {
      object (AlertCardFieldGroupData)
    }
  ],
  "sourceUrl": string,
  "sourceRuleUrl": string,
  "relatedCases": [
    integer
  ],
  "caseId": integer,
  "nestingDepth": integer,
  "slaExpirationUnixTime": string,
  "slaCriticalExpirationUnixTime": string,
  "siemAlertId": string,
  "lastSourceUpdateUnixTimeInMs": integer
}

Fields
`id`	`string (int64 format)` Output only. The alert name.
`creationTimeUnixTimeInMs`	`string (int64 format)` Output only. The alert creation time in milliseconds.
`modificationTimeUnixTimeInMs`	`string (int64 format)` Output only. The alert modification time in milliseconds.
`identifier`	`string` Output only. The alert identifier. This is a unique identifier for the alert. Format: {alertName}_{ticketId}
`status`	`enum (AlertStatus)` Output only. The alert status.
`name`	`string` Output only. The alert name.
`priority`	`enum (LegacyCasePriority)` Output only. The alert priority.
`workflowsStatus`	`enum (WorkflowStatus)` Output only. Status of the selected playbook.
`startTime`	`string (int64 format)` Output only. The alert start time in milliseconds. Start time of the first event.
`endTime`	`string (int64 format)` Output only. The alert end time in milliseconds. End time of the last event.
`alertGroupIdentifier`	`string` Output only. The alert group identifier. This value is unique across the system.
`eventsCount`	`integer` Output only. The number of events in the alert.
`title`	`string` Output only. Alert display name.
`ruleGenerator`	`string` Output only. Rule that generated the alert. Based on the source connector.
`deviceProduct`	`string` Output only. Source product that the alert ingested from.
`deviceVendor`	`string` Output only. Source vendor that the alert ingested from.
`playbookAttached`	`string` Output only. The playbook attached to the alert. The playbook selected is the one with the highest priority. For playbooks with similar priorities, the playbook that was created first is selected.
`playbookRunCount`	`integer` Output only. The playbook's execution count for the alert.
`isManualAlert`	`boolean` Output only. Flag that indicates whether the alert is manual or not.
`sla`	`object (AlertCardSla)` Output only. The alert SLA.
`fieldsGroups[]`	`object (AlertCardFieldGroupData)` Output only. The alert fields.
`sourceUrl`	`string` Output only. The alert source URL.
`sourceRuleUrl`	`string` Output only. The alert source rule URL.
`relatedCases[]`	`integer` Output only. The list of cases related to the alert.
`caseId`	`integer` Output only. The alert's case id.
`nestingDepth`	`integer` Output only. The alert's nesting depth. In case the alert is not nested, this field will be 0. Otherwise, the depth is specified as a positive number.
`slaExpirationUnixTime`	`string (int64 format)` Output only. The alert SLA expiration time in milliseconds.
`slaCriticalExpirationUnixTime`	`string (int64 format)` Output only. The alert SLA critical expiration time in milliseconds.
`siemAlertId`	`string` Output only. The alert's SIEM identifier. In case the alert is not ingested from SIEM, this field will be null.
`lastSourceUpdateUnixTimeInMs`	`integer` Output only. The last time the alert source was updated in milliseconds.

AlertCardFieldGroupData

Field group data.

JSON representation
{ "order": integer, "groupName": string, "items": [ { object (`AlertCardFieldData`) } ], "isIntegration": boolean, "isHighlight": boolean }

Fields
`order`	`integer` Output only. Field group order.
`groupName`	`string` Output only. Field group name.
`items[]`	`object (AlertCardFieldData)` Output only. The list of fields in the field group.
`isIntegration`	`boolean` Output only. Flag that indicates whether the field group is related to a specific integration or not.
`isHighlight`	`boolean` Output only. Flag that indicates whether the field group is highlighted.

AlertCardFieldData

Field data.

JSON representation
{ "originalName": string, "name": string, "value": string }

Fields

Fields
`originalName`	`string` Output only. Field name.
`name`	`string` Output only. Field display name.
`value`	`string` Output only. Field value.

originalName

string

Output only. Field name.

name

string

Output only. Field display name.

value

string

Output only. Field value.

AlertCard Stay organized with collections Save and categorize content based on your preferences.

AlertCardFieldGroupData

AlertCardFieldData

AlertCard