EntityRiskScoreModification

JSON representation
EntityRiskScoreModificationType
EntityRiskScoreModificationResourceId
- JSON representation

Message of Entity Risk Score Modification.

JSON representation

JSON representation
{ "modificationType": enum (`EntityRiskScoreModificationType`), "modificationTime": string, "author": string, "modificationReason": string, "multiplyingFactor": number, "multiplyingFactorTtl": string, "modificationResourceId": { object (`EntityRiskScoreModificationResourceId`) } }

{
  "modificationType": enum (EntityRiskScoreModificationType),
  "modificationTime": string,
  "author": string,
  "modificationReason": string,
  "multiplyingFactor": number,
  "multiplyingFactorTtl": string,
  "modificationResourceId": {
    object (EntityRiskScoreModificationResourceId)
  }
}

Fields
`modificationType`	`enum (EntityRiskScoreModificationType)` Required. Modification type.
`modificationTime`	`string (Timestamp format)` Output only. Modification timestamp. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: `"2014-10-02T15:01:23Z"`, `"2014-10-02T15:01:23.045123456Z"` or `"2014-10-02T15:01:23+05:30"`.
`author`	`string` Output only. The analyst id of who made the modification to base entity risk score.
`modificationReason`	`string` Required. Modification reason.
`multiplyingFactor`	`number` Required. Multiplying factor.
`multiplyingFactorTtl`	`string (Duration format)` Optional. TTL for the multiplying factor. Only present when modificationType is of MULTIPLY_ENTITY_RISK_SCORE_WITH_TTL type. A duration in seconds with up to nine fractional digits, ending with '`s`'. Example: `"3.5s"`.
`modificationResourceId`	`object (EntityRiskScoreModificationResourceId)` Optional. The resource id for which the user chooses to modify risk score. Resource id could be detection id or rule id.

EntityRiskScoreModificationType

Type of Entity Risk Score Modification.

Enums
`ENTITY_RISK_SCORE_MODIFICATION_TYPE_UNSPECIFIED`	Unspecified state for entity risk score modification type.
`MULTIPLY_CURRENT_ENTITY_RISK_SCORE`	Multiply type for applying multiplying factor on underlying detections that contribute to base entity risk score until they fade out in the sliding risk window.
`MULTIPLY_ENTITY_RISK_SCORE_WITH_TTL`	Multiply type for applying multiplying factor to entity risk score with a TTL.
`MULTIPLY_DETECTION_RISK_SCORE_BY_DETECTION_ID`	Multiply a specific detection's risk score during entity risk score calculation.
`MULTIPLY_DETECTION_RISK_SCORE_BY_RULE_ID_WITH_TTL`	Multiply detection risk score triggered by a specific rule during entity risk score calculation with a TTL.

EntityRiskScoreModificationResourceId

Message of resource id for which the user chooses to modify risk score. Resource id could be detection id or rule id.

JSON representation
{ // Union field `id` can be only one of the following: "detectionId": string, "ruleId": string // End of list of possible types for union field `id`. }

Fields

Fields
Union field `id`. The resource id for which the user chooses to modify risk score. Resource id could be detection id or rule id. `id` can be only one of the following:
`detectionId`	`string` Optional. The detection id for which the user chooses to modify detection risk score for.
`ruleId`	`string` Optional. The rule id for which the user chooses to modify detection risk score for.

Union field id. The resource id for which the user chooses to modify risk score. Resource id could be detection id or rule id. id can be only one of the following:

detectionId

string

Optional. The detection id for which the user chooses to modify detection risk score for.

ruleId

string

Optional. The rule id for which the user chooses to modify detection risk score for.

EntityRiskScoreModification Stay organized with collections Save and categorize content based on your preferences.

EntityRiskScoreModificationType

EntityRiskScoreModificationResourceId

EntityRiskScoreModification