EntityRiskScoreModification

Message of Entity Risk Score Modification.

JSON representation
{
  "modificationType": enum (EntityRiskScoreModificationType),
  "modificationTime": string,
  "author": string,
  "modificationReason": string,
  "multiplyingFactor": number,
  "multiplyingFactorTtl": string,
  "modificationResourceId": {
    object (EntityRiskScoreModificationResourceId)
  }
}
Fields
modificationType

enum (EntityRiskScoreModificationType)

Required. Modification type.

modificationTime

string (Timestamp format)

Output only. Modification timestamp.

Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

author

string

Output only. The id of the analyst who made the modification to the base entity risk score.

modificationReason

string

Required. Modification reason.

multiplyingFactor

number

Required. Multiplying factor.

multiplyingFactorTtl

string (Duration format)

Optional. TTL for the multiplying factor. Only present when modificationType is of MULTIPLY_ENTITY_RISK_SCORE_WITH_TTL type.

A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".

modificationResourceId

object (EntityRiskScoreModificationResourceId)

Optional. The resource id for which the user chooses to modify the risk score. The resource id can be a detection id or a rule id.

EntityRiskScoreModificationType

Type of Entity Risk Score Modification.

Enums
ENTITY_RISK_SCORE_MODIFICATION_TYPE_UNSPECIFIED Unspecified state for entity risk score modification type.
MULTIPLY_CURRENT_ENTITY_RISK_SCORE Multiply type for applying multiplying factor on underlying detections that contribute to base entity risk score until they fade out in the sliding risk window.
MULTIPLY_ENTITY_RISK_SCORE_WITH_TTL Multiply type for applying multiplying factor to entity risk score with a TTL.
MULTIPLY_DETECTION_RISK_SCORE_BY_DETECTION_ID Multiply a specific detection's risk score during entity risk score calculation.
MULTIPLY_DETECTION_RISK_SCORE_BY_RULE_ID_WITH_TTL Multiply detection risk score triggered by a specific rule during entity risk score calculation with a TTL.

EntityRiskScoreModificationResourceId

Message of the resource id for which the user chooses to modify the risk score. The resource id can be a detection id or a rule id.

JSON representation
{

  // Union field id can be only one of the following:
  "detectionId": string,
  "ruleId": string
  // End of list of possible types for union field id.
}
Fields
Union field id. The resource id for which the user chooses to modify the risk score. The resource id can be a detection id or a rule id. id can be only one of the following:
detectionId

string

Optional. The detection id for which the user chooses to modify the detection risk score.

ruleId

string

Optional. The rule id for which the user chooses to modify the detection risk score.
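
The field rules above (required fields, output-only fields, the Duration format and the detectionId/ruleId union) can be checked before a modification is submitted or when reviewing who lowered an entity's risk and why. The following is an added example, not code from this reference or from the API's client libraries. validate_modification and SAMPLE are hypothetical names, and two rules are assumptions inferred from the enum names: that both *_WITH_TTL types may carry a TTL, and that the BY_DETECTION_ID and BY_RULE_ID types need the matching resource id.

```python
import re

# Enum values and field names come from the page; rules marked "assumption"
# are inferred from the enum names and are not stated by the page.
TYPES = {"MULTIPLY_CURRENT_ENTITY_RISK_SCORE",
         "MULTIPLY_ENTITY_RISK_SCORE_WITH_TTL",
         "MULTIPLY_DETECTION_RISK_SCORE_BY_DETECTION_ID",
         "MULTIPLY_DETECTION_RISK_SCORE_BY_RULE_ID_WITH_TTL"}
DURATION_RE = re.compile(r"^\d+(\.\d{1,9})?s$")  # e.g. "3.5s"
# Constructed sample: TTL on a type that takes none, and both ids set.
SAMPLE = {"modificationType": "MULTIPLY_DETECTION_RISK_SCORE_BY_DETECTION_ID",
          "modificationReason": "known scanner", "multiplyingFactor": 0.5,
          "multiplyingFactorTtl": "86400s",
          "modificationResourceId": {"detectionId": "det-1", "ruleId": "rule-1"}}

def validate_modification(body):
    """Return a list of problems found in a request body (empty if none)."""
    problems = []
    mtype = body.get("modificationType")
    if mtype not in TYPES:  # also rejects the _UNSPECIFIED value
        problems.append("modificationType missing or unspecified")
        mtype = ""
    reason = body.get("modificationReason")
    if not isinstance(reason, str) or not reason.strip():
        problems.append("modificationReason is required")
    factor = body.get("multiplyingFactor")
    if isinstance(factor, bool) or not isinstance(factor, (int, float)):
        problems.append("multiplyingFactor is required and must be a number")
    for name in ("modificationTime", "author"):
        if name in body:
            problems.append(f"{name} is output only")
    ttl = body.get("multiplyingFactorTtl")
    if ttl is not None:
        if not isinstance(ttl, str) or not DURATION_RE.match(ttl):
            problems.append("multiplyingFactorTtl is not a Duration")
        # Assumption: both *_WITH_TTL types may carry a TTL.
        if mtype and not mtype.endswith("_WITH_TTL"):
            problems.append("multiplyingFactorTtl set on a non-TTL type")
    rid = body.get("modificationResourceId") or {}
    ids = [k for k in ("detectionId", "ruleId") if rid.get(k)]
    if len(ids) > 1:
        problems.append("detectionId and ruleId are mutually exclusive")
    # Assumption: the BY_DETECTION_ID / BY_RULE_ID types need the matching id.
    for marker, key in (("BY_DETECTION_ID", "detectionId"), ("BY_RULE_ID", "ruleId")):
        if marker in mtype and ids != [key]:
            problems.append(f"{mtype} expects {key}")
    return problems
```

Calling validate_modification(SAMPLE) reports the misplaced TTL, the doubled union field and the resource id mismatch in one pass.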