ApiCyberAlertFullDetails

ApiCyberAlertFullDetails message.

JSON representation 
{
  "caseIdentifier": string,
  "alertGroupIdentifier": string,
  "additionalData": string,
  "reportingVendor": string,
  "reportingProduct": string,
  "environment": string,
  "name": string,
  "description": string,
  "externalId": string,
  "ruleGenerator": string,
  "severity": integer,
  "tags": [
    string
  ],
  "detectedTimeUnixMs": string,
  "identifier": string,
  "creationTimeUnixMs": string,
  "modificationTimeUnixMs": string,
  "additionalProperties": {
    string: string,
    ...
  },
  "securityEvents": [
    {
      object (ApiSecurityEvent)
    }
  ],
  "domainRelations": [
    {
      object (ApiDomainRelation)
    }
  ],
  "domainEntities": [
    {
      object (ApiDomainEntity)
    }
  ]
}
Fields
caseIdentifier

string

Case identifier.
alertGroupIdentifier

string

Alert group identifier.
additionalData

string

Additional data.
reportingVendor

string

Reporting vendor.
reportingProduct

string

Reporting product.
environment

string

Environment.
name

string

Name.
description

string

Description.
externalId

string

External ID.
ruleGenerator

string

Rule generator.
severity

integer

Severity.
tags[]

string

Tags.
detectedTimeUnixMs

string (int64 format)

Detected time in unix ms.
identifier

string

Identifier.
creationTimeUnixMs

string (int64 format)

Creation time in unix ms.
modificationTimeUnixMs

string (int64 format)

Modification time in unix ms.
additionalProperties

map (key: string, value: string)

Additional properties.

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.
securityEvents[]

object (ApiSecurityEvent)

Security events.
domainRelations[]

object (ApiDomainRelation)

Domain relations.
domainEntities[]

object (ApiDomainEntity)

Domain entities.

ApiSecurityEvent

ApiSecurityEvent message.

JSON representation 
{
  "caseIdentifier": string,
  "alertIdentifier": string,
  "eventId": string,
  "eventClassId": string,
  "name": string,
  "description": string,
  "eventType": string,
  "ruleGenerator": string,
  "severity": string,
  "categoryOutcome": string,
  "startTimeUnixMs": string,
  "endTimeUnixMs": string,
  "sourceHostName": string,
  "sourceAddress": string,
  "sourceDnsDomain": string,
  "sourceUserName": string,
  "sourceUserId": string,
  "sourceNtDomain": string,
  "sourceProcessName": string,
  "destinationHostName": string,
  "destinationAddress": string,
  "destinationUserName": string,
  "destinationDnsDomain": string,
  "destinationNtDomain": string,
  "destinationProcessName": string,
  "transportProtocol": string,
  "applicationProtocol": string,
  "destinationPort": string,
  "destinationUrl": string,
  "deployment": string,
  "fileName": string,
  "fileHash": string,
  "fileType": string,
  "emailSubject": string,
  "signature": string,
  "usb": string,
  "sourceMacAddress": string,
  "destinationMacAddress": string,
  "creditCard": string,
  "phoneNumber": string,
  "cve": string,
  "threatActor": string,
  "threatCampaign": string,
  "genericEntity": string,
  "process": string,
  "parentProcess": string,
  "parentHash": string,
  "childProcess": string,
  "childHash": string,
  "ipset": string,
  "deviceHostName": string,
  "deviceAddress": string,
  "deviceVendor": string,
  "deviceProduct": string,
  "deviceVersion": string,
  "deviceSeverity": string,
  "sourceDomain": string,
  "destinationDomain": string,
  "identifier": string,
  "creationTimeUnixMs": string,
  "modificationTimeUnixMs": string,
  "additionalProperties": {
    string: string,
    ...
  },
  "isCorrelation": boolean
}
Fields
caseIdentifier

string

Case identifier.
alertIdentifier

string

Alert identifier.
eventId

string

Event ID.
eventClassId

string

Event class ID.
name

string

Name.
description

string

Description.
eventType

string

Event type.
ruleGenerator

string

Rule generator.
severity

string

Severity.
categoryOutcome

string

Category outcome.
startTimeUnixMs

string (int64 format)

Start time in unix ms.
endTimeUnixMs

string (int64 format)

End time in unix ms.
sourceHostName

string

Source host name.
sourceAddress

string

Source address.
sourceDnsDomain

string

Source DNS domain.
sourceUserName

string

Source user name.
sourceUserId

string

Source user ID.
sourceNtDomain

string

Source NT domain.
sourceProcessName

string

Source process name.
destinationHostName

string

Destination host name.
destinationAddress

string

Destination address.
destinationUserName

string

Destination user name.
destinationDnsDomain

string

Destination DNS domain.
destinationNtDomain

string

Destination NT domain.
destinationProcessName

string

Destination process name.
transportProtocol

string

Transport protocol.
applicationProtocol

string

Application protocol.
destinationPort

string

Destination port.
destinationUrl

string

Destination URL.
deployment

string

Deployment.
fileName

string

File name.
fileHash

string

File hash.
fileType

string

File type.
emailSubject

string

Email subject.
signature

string

Signature.
usb

string

USB.
sourceMacAddress

string

Source mac address.
destinationMacAddress

string

Destination mac address.
creditCard

string

Credit card.
phoneNumber

string

Phone number.
cve

string

CVE.
threatActor

string

Threat actor.
threatCampaign

string

Threat campaign.
genericEntity

string

Generic entity.
process

string

Process.
parentProcess

string

Parent process.
parentHash

string

Parent hash.
childProcess

string

Child process.
childHash

string

Child hash.
ipset

string

IPSET.
deviceHostName

string

Device host name.
deviceAddress

string

Device address.
deviceVendor

string

Device vendor.
deviceProduct

string

Device product.
deviceVersion

string

Device version.
deviceSeverity

string

Device severity.
sourceDomain

string

Source domain.
destinationDomain

string

Destination domain.
identifier

string

Identifier.
creationTimeUnixMs

string (int64 format)

Creation time in unix ms.
modificationTimeUnixMs

string (int64 format)

Modification time in unix ms.
additionalProperties

map (key: string, value: string)

Additional properties.

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.
isCorrelation

boolean

Is correlation.

ApiDomainRelation

ApiDomainRelation message.

JSON representation 
{
  "caseIdentifier": string,
  "alertIdentifier": string,
  "securityEventIdentifier": string,
  "relationType": string,
  "eventId": string,
  "fromIdentifier": string,
  "fromType": string,
  "toIdentifier": string,
  "toType": string,
  "deviceVendor": string,
  "deviceProduct": string,
  "eventClassId": string,
  "severity": string,
  "categoryOutcome": string,
  "destinationPort": string,
  "startTimeUnixMs": string,
  "endTimeUnixMs": string,
  "identifier": string,
  "creationTimeUnixMs": string,
  "modificationTimeUnixMs": string,
  "additionalProperties": {
    string: string,
    ...
  }
}
Fields
caseIdentifier

string

Case identifier.
alertIdentifier

string

Alert identifier.
securityEventIdentifier

string

Security event identifier.
relationType

string

Relation type.
eventId

string

Event ID.
fromIdentifier

string

From identifier.
fromType

string

From type.
toIdentifier

string

To identifier.
toType

string

To type.
deviceVendor

string

Device vendor.
deviceProduct

string

Device product.
eventClassId

string

Event class ID.
severity

string

Severity.
categoryOutcome

string

Category outcome.
destinationPort

string

Destination port.
startTimeUnixMs

string (int64 format)

Start time in unix ms.
endTimeUnixMs

string (int64 format)

End time in unix ms.
identifier

string

Identifier.
creationTimeUnixMs

string (int64 format)

Creation time in unix ms.
modificationTimeUnixMs

string (int64 format)

Modification time in unix ms.
additionalProperties

map (key: string, value: string)

Additional properties.

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.