Message of Entity Risk Score Modification.
JSON representation |
---|
{ "modificationType": enum ( |
Fields | |
---|---|
modificationType |
Required. Modification type. |
modificationTime |
Output only. Modification timestamp. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
author |
Output only. The analyst id of who made the modification to base entity risk score. |
modificationReason |
Required. Modification reason. |
multiplyingFactor |
Required. Multiplying factor. |
multiplyingFactorTtl |
Optional. TTL for the multiplying factor. Only present when modificationType is of MULTIPLY_ENTITY_RISK_SCORE_WITH_TTL type. A duration in seconds with up to nine fractional digits, ending with ' |
modificationResourceId |
Optional. The resource id for which the user chooses to modify risk score. Resource id could be detection id or rule id. |
EntityRiskScoreModificationType
Type of Entity Risk Score Modification.
Enums | |
---|---|
ENTITY_RISK_SCORE_MODIFICATION_TYPE_UNSPECIFIED |
Unspecified state for entity risk score modification type. |
MULTIPLY_CURRENT_ENTITY_RISK_SCORE |
Multiply type for applying multiplying factor on underlying detections that contribute to base entity risk score until they fade out in the sliding risk window. |
MULTIPLY_ENTITY_RISK_SCORE_WITH_TTL |
Multiply type for applying multiplying factor to entity risk score with a TTL. |
MULTIPLY_DETECTION_RISK_SCORE_BY_DETECTION_ID |
Multiply a specific detection's risk score during entity risk score calculation. |
MULTIPLY_DETECTION_RISK_SCORE_BY_RULE_ID_WITH_TTL |
Multiply detection risk score triggered by a specific rule during entity risk score calculation with a TTL. |
EntityRiskScoreModificationResourceId
Message of resource id for which the user chooses to modify risk score. Resource id could be detection id or rule id.
JSON representation |
---|
{ // Union field |
Fields | |
---|---|
Union field id . The resource id for which the user chooses to modify risk score. Resource id could be detection id or rule id. id can be only one of the following: |
|
detectionId |
Optional. The detection id for which the user chooses to modify detection risk score for. |
ruleId |
Optional. The rule id for which the user chooses to modify detection risk score for. |