Collection

JSON representation
Element
- JSON representation
Reference
- JSON representation
ResponsePlatformInfo
- JSON representation
ResponsePlatformType
SoarAlertMetadata
- JSON representation

JSON representation

JSON representation
{ "id": string, "type": enum (`CollectionType`), "id_namespace": enum (`Namespace`), "created_time": string, "last_updated_time": string, "time_window": { object (`Interval`) }, "collection_elements": [ { object (`Element`) } ], "detection": [ { object (`SecurityResult`) } ], "detection_time": string, "investigation": { object (`Investigation`) }, "tags": [ string ], "response_platform_info": { object (`ResponsePlatformInfo`) }, "case_name": string, "feedback_summary": { object (`Feedback`) }, "feedback_history": [ { object (`Feedback`) } ], "soar_alert": boolean, "soar_alert_metadata": { object (`SoarAlertMetadata`) }, "data_access_scope": string }

{
  "id": string,
  "type": enum (CollectionType),
  "id_namespace": enum (Namespace),
  "created_time": string,
  "last_updated_time": string,
  "time_window": {
    object (Interval)
  },
  "collection_elements": [
    {
      object (Element)
    }
  ],
  "detection": [
    {
      object (SecurityResult)
    }
  ],
  "detection_time": string,
  "investigation": {
    object (Investigation)
  },
  "tags": [
    string
  ],
  "response_platform_info": {
    object (ResponsePlatformInfo)
  },
  "case_name": string,
  "feedback_summary": {
    object (Feedback)
  },
  "feedback_history": [
    {
      object (Feedback)
    }
  ],
  "soar_alert": boolean,
  "soar_alert_metadata": {
    object (SoarAlertMetadata)
  },
  "data_access_scope": string
}

Fields
`id`	`string`
`type`	`enum (CollectionType)`
`id_namespace`	`enum (Namespace)`
`created_time`	`string (Timestamp format)` A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: `"2014-10-02T15:01:23Z"` and `"2014-10-02T15:01:23.045123456Z"`.
`last_updated_time`	`string (Timestamp format)` A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: `"2014-10-02T15:01:23Z"` and `"2014-10-02T15:01:23.045123456Z"`.
`time_window`	`object (Interval)`
`collection_elements[]`	`object (Element)`
`detection[]`	`object (SecurityResult)`
`detection_time`	`string (Timestamp format)` A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: `"2014-10-02T15:01:23Z"` and `"2014-10-02T15:01:23.045123456Z"`.
`investigation`	`object (Investigation)`
`tags[]`	`string`
`response_platform_info`	`object (ResponsePlatformInfo)`
`case_name`	`string`
`feedback_summary`	`object (Feedback)`
`feedback_history[]`	`object (Feedback)`
`soar_alert`	`boolean`
`soar_alert_metadata`	`object (SoarAlertMetadata)`
`data_access_scope`	`string`

Element

JSON representation
{ "association": { object (`SecurityResult`) }, "references": [ { object (`Reference`) } ], "label": string, "references_sampled": boolean }

Fields
`association`	`object (SecurityResult)`
`references[]`	`object (Reference)`
`label`	`string`
`references_sampled`	`boolean`

Reference

JSON representation
{ "event": { object (`UDM`) }, "entity": { object (`Entity`) }, "id": { object (`Id`) } }

Fields
`event`	`object (UDM)`
`entity`	`object (Entity)`
`id`	`object (Id)`

ResponsePlatformInfo

JSON representation
{ "alert_id": string, "response_platform_type": enum (`ResponsePlatformType`) }

Fields
`alert_id`	`string`
`response_platform_type`	`enum (ResponsePlatformType)`

ResponsePlatformType

Enums
`RESPONSE_PLATFORM_TYPE_UNSPECIFIED`
`RESPONSE_PLATFORM_TYPE_SIEMPLIFY`

SoarAlertMetadata

JSON representation
{ "alert_id": string, "source_rule": string, "vendor": string, "source_system": string, "product": string, "source_system_ticket_id": string, "source_system_uri": string }

Fields
`alert_id`	`string`
`source_rule`	`string`
`vendor`	`string`
`source_system`	`string`
`product`	`string`
`source_system_ticket_id`	`string`
`source_system_uri`	`string`