GraphWidget

JSON representation
Investigator
- JSON representation
GraphNodeGroup
- JSON representation
GraphNode
- JSON representation
GraphRelationGroup
- JSON representation
GraphRelation
- JSON representation
GraphRelationPropertyValue
- JSON representation
ApiSecurityAlertDetails
- JSON representation
ApiSecurityEventDetails
- JSON representation
ApiSecurityEntityCard
- JSON representation
SecurityEntityDirection

Graph widget.

JSON representation

JSON representation
{ "investigator": { object (`Investigator`) }, "title": string, "order": integer, "type": enum (`WidgetTemplateType`), "gridColumns": enum (`WidgetTemplateGridColumns`), "description": string, "identifier": string, "jsonData": string, "errorJsonData": string, "resultStatus": enum (`WidgetResultStatus`) }

{
  "investigator": {
    object (Investigator)
  },
  "title": string,
  "order": integer,
  "type": enum (WidgetTemplateType),
  "gridColumns": enum (WidgetTemplateGridColumns),
  "description": string,
  "identifier": string,
  "jsonData": string,
  "errorJsonData": string,
  "resultStatus": enum (WidgetResultStatus)
}

Fields
`investigator`	`object (Investigator)` Output only. The investigator to display.
`title`	`string` Output only. The widget title.
`order`	`integer` Output only. The widget order.
`type`	`enum (WidgetTemplateType)` Output only. The widget template type.
`gridColumns`	`enum (WidgetTemplateGridColumns)` Output only. The widget template grid columns.
`description`	`string` Output only. The widget description.
`identifier`	`string` Output only. The widget identifier.
`jsonData`	`string` Output only. The widget json data.
`errorJsonData`	`string` Output only. The widget error json data.
`resultStatus`	`enum (WidgetResultStatus)` Output only. The widget result status.

Investigator

Investigator.

JSON representation

JSON representation
{ "nodes": [ { object (`GraphNodeGroup`) } ], "relations": [ { object (`GraphRelationGroup`) } ], "alerts": [ { object (`ApiSecurityAlertDetails`) } ], "caseId": integer, "caseTitle": string, "lastModifed": string, "assignedUser": string, "tags": [ string ], "priority": enum (`LegacyCasePriority`), "environment": string, "status": enum (`CaseStatus`) }

{
  "nodes": [
    {
      object (GraphNodeGroup)
    }
  ],
  "relations": [
    {
      object (GraphRelationGroup)
    }
  ],
  "alerts": [
    {
      object (ApiSecurityAlertDetails)
    }
  ],
  "caseId": integer,
  "caseTitle": string,
  "lastModifed": string,
  "assignedUser": string,
  "tags": [
    string
  ],
  "priority": enum (LegacyCasePriority),
  "environment": string,
  "status": enum (CaseStatus)
}

Fields
`nodes[]`	`object (GraphNodeGroup)` Output only. The nodes to display.
`relations[]`	`object (GraphRelationGroup)` Output only. The relations to display.
`alerts[]`	`object (ApiSecurityAlertDetails)` Output only. The alerts to display.
`caseId`	`integer` Output only. The case id.
`caseTitle`	`string` Output only. The case title.
`lastModifed`	`string` Output only. The last modified time of the case.
`assignedUser`	`string` Output only. The assigned user.
`tags[]`	`string` Output only. The tags of the case.
`priority`	`enum (LegacyCasePriority)` Output only. The case priority.
`environment`	`string` Output only. The environment of the case.
`status`	`enum (CaseStatus)` Output only. The case status.

GraphNodeGroup

Graph node group.

JSON representation
{ "primaryNode": { object (`GraphNode`) }, "nodes": [ { object (`GraphNode`) } ] }

Fields

Fields
`primaryNode`	`object (GraphNode)` Output only. The primary node.
`nodes[]`	`object (GraphNode)` Output only. The nodes to display.

primaryNode

object (GraphNode)

Output only. The primary node.

nodes[]

object (GraphNode)

Output only. The nodes to display.

GraphNode

Graph node.

JSON representation

JSON representation
{ "isInternal": boolean, "isSuspicious": boolean, "isArtifact": boolean, "isVulnerable": boolean, "isPivot": boolean, "identifier": string, "alertIdentifier": string, "type": string, "sourceUrl": string, "fields": [ { object (`WidgetContextGroup`) } ] }

{
  "isInternal": boolean,
  "isSuspicious": boolean,
  "isArtifact": boolean,
  "isVulnerable": boolean,
  "isPivot": boolean,
  "identifier": string,
  "alertIdentifier": string,
  "type": string,
  "sourceUrl": string,
  "fields": [
    {
      object (WidgetContextGroup)
    }
  ]
}

Fields
`isInternal`	`boolean` Output only. Flag that indicates whether the node is internal or not.
`isSuspicious`	`boolean` Output only. Flag that indicates whether the node is suspicious or not.
`isArtifact`	`boolean` Output only. Flag that indicates whether the node is an artifact or not.
`isVulnerable`	`boolean` Output only. Flag that indicates whether the node is vulnerable or not.
`isPivot`	`boolean` Output only. Flag that indicates whether the node is a pivot or not.
`identifier`	`string` Output only. The node identifier.
`alertIdentifier`	`string` Output only. The alert identifier. This is a unique identifier for the alert. Format: {alertName}_{ticketId}
`type`	`string` Output only. The type of the node.
`sourceUrl`	`string` Output only. The source URL.
`fields[]`	`object (WidgetContextGroup)` Output only. The context groups.

GraphRelationGroup

Graph relation group.

JSON representation

JSON representation
{ "fromType": string, "toType": string, "identifier": string, "fromIdentifier": string, "toIdentifier": string, "primaryRelation": { object (`GraphRelation`) }, "relations": [ { object (`GraphRelation`) } ] }

{
  "fromType": string,
  "toType": string,
  "identifier": string,
  "fromIdentifier": string,
  "toIdentifier": string,
  "primaryRelation": {
    object (GraphRelation)
  },
  "relations": [
    {
      object (GraphRelation)
    }
  ]
}

Fields
`fromType`	`string` Output only. The from type of the relation.
`toType`	`string` Output only. The to type of the relation.
`identifier`	`string` Output only. The relation identifier.
`fromIdentifier`	`string` Output only. The from identifier.
`toIdentifier`	`string` Output only. The to identifier.
`primaryRelation`	`object (GraphRelation)` Output only. The primary relation.
`relations[]`	`object (GraphRelation)` Output only. The relations to display.

GraphRelation

Graph relation.

JSON representation
{ "eventId": string, "fromIdentifier": string, "toIdentifier": string, "identifier": string, "type": string, "fields": [ { object (`GraphRelationPropertyValue`) } ] }

Fields
`eventId`	`string` Output only. The event identifier.
`fromIdentifier`	`string` Output only. The from identifier.
`toIdentifier`	`string` Output only. The to identifier.
`identifier`	`string` Output only. The graph relation identifier.
`type`	`string` Output only. The type of the relation.
`fields[]`	`object (GraphRelationPropertyValue)` Output only. The graph relation property fields.

GraphRelationPropertyValue

The graph relation property value.

JSON representation
{ "key": string, "value": string }

Fields

Fields
`key`	`string` Output only. The property key.
`value`	`string` Output only. The property value.

key

string

Output only. The property key.

value

string

Output only. The property value.

ApiSecurityAlertDetails

Security alert details.

JSON representation

JSON representation
{ "ticketId": string, "status": enum (`AlertStatus`), "identifier": string, "hasWorkflows": boolean, "workflowsStatus": enum (`WorkflowStatus`), "sourceSystemName": string, "securityEventCards": [ { object (`ApiSecurityEventDetails`) } ], "entityCards": [ { object (`ApiSecurityEntityCard`) } ], "productFamilies": [ string ], "fields": [ { object (`WidgetContextGroup`) } ], "name": string, "product": string, "startTimeUnixTimeInMs": string, "apiSlaExpiration": { object (`AlertCardSla`) }, "isManualAlert": boolean, "priority": enum (`LegacyCasePriority`) }

{
  "ticketId": string,
  "status": enum (AlertStatus),
  "identifier": string,
  "hasWorkflows": boolean,
  "workflowsStatus": enum (WorkflowStatus),
  "sourceSystemName": string,
  "securityEventCards": [
    {
      object (ApiSecurityEventDetails)
    }
  ],
  "entityCards": [
    {
      object (ApiSecurityEntityCard)
    }
  ],
  "productFamilies": [
    string
  ],
  "fields": [
    {
      object (WidgetContextGroup)
    }
  ],
  "name": string,
  "product": string,
  "startTimeUnixTimeInMs": string,
  "apiSlaExpiration": {
    object (AlertCardSla)
  },
  "isManualAlert": boolean,
  "priority": enum (LegacyCasePriority)
}

Fields
`ticketId`	`string` Output only. The ticket id.
`status`	`enum (AlertStatus)` Output only. The alert status.
`identifier`	`string` Output only. The alert identifier. This is a unique identifier for the alert. Format: {alertName}_{ticketId}
`hasWorkflows`	`boolean` Output only. Flag that indicates whether the alert has workflows or not.
`workflowsStatus`	`enum (WorkflowStatus)` Output only. The workflow status.
`sourceSystemName`	`string` Output only. The source system name.
`securityEventCards[]`	`object (ApiSecurityEventDetails)` Output only. The security event cards.
`entityCards[]`	`object (ApiSecurityEntityCard)` Output only. The entity cards of the alert.
`productFamilies[]`	`string` Output only. The product families of the alert.
`fields[]`	`object (WidgetContextGroup)` Output only. The fields of the alert.
`name`	`string` Output only. The alert name.
`product`	`string` Output only. The product of the alert.
`startTimeUnixTimeInMs`	`string (int64 format)` Output only. The start time of the alert.
`apiSlaExpiration`	`object (AlertCardSla)` Output only. The alert SLA.
`isManualAlert`	`boolean` Output only. Flag that indicates whether the alert is manual or not.
`priority`	`enum (LegacyCasePriority)` Output only. The alert priority.

ApiSecurityEventDetails

Security event details.

JSON representation

JSON representation
{ "caseId": integer, "eventId": string, "alertIdentifier": string, "eventName": string, "product": string, "sources": [ { object (`EntityKey`) } ], "destinations": [ { object (`EntityKey`) } ], "artifactes": [ { object (`EntityKey`) } ], "port": string, "outcome": string, "deviceEventClassId": string, "fields": [ { object (`WidgetContextGroup`) } ], "timestamp": string }

{
  "caseId": integer,
  "eventId": string,
  "alertIdentifier": string,
  "eventName": string,
  "product": string,
  "sources": [
    {
      object (EntityKey)
    }
  ],
  "destinations": [
    {
      object (EntityKey)
    }
  ],
  "artifactes": [
    {
      object (EntityKey)
    }
  ],
  "port": string,
  "outcome": string,
  "deviceEventClassId": string,
  "fields": [
    {
      object (WidgetContextGroup)
    }
  ],
  "timestamp": string
}

Fields
`caseId`	`integer` Output only. The case id.
`eventId`	`string` Output only. The event id.
`alertIdentifier`	`string` Output only. The alert identifier. This is a unique identifier for the alert. Format: {alertName}_{ticketId}
`eventName`	`string` Output only. The event name.
`product`	`string` Output only. The product name.
`sources[]`	`object (EntityKey)` Output only. The sources of the event.
`destinations[]`	`object (EntityKey)` Output only. The destinations of the event.
`artifactes[]`	`object (EntityKey)` Output only. The entities of the event.
`port`	`string` Output only. The port of the event.
`outcome`	`string` Output only. The outcome of the event.
`deviceEventClassId`	`string` Output only. The event class id of the event.
`fields[]`	`object (WidgetContextGroup)` Output only. The fields of the event.
`timestamp`	`string (Timestamp format)` Output only. The timestamp of the event. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: `"2014-10-02T15:01:23Z"`, `"2014-10-02T15:01:23.045123456Z"` or `"2014-10-02T15:01:23+05:30"`.

ApiSecurityEntityCard

Security entity card.

JSON representation
{ "identifier": string, "entityType": string, "isSuspicious": boolean, "linkedEntities": [ { object (`ApiSecurityEntityCard`) } ], "direction": enum (`SecurityEntityDirection`) }

Fields
`identifier`	`string` Output only. The entity identifier.
`entityType`	`string` Output only. The entity type.
`isSuspicious`	`boolean` Output only. Flag that indicates whether the entity is suspicious or not.
`linkedEntities[]`	`object (ApiSecurityEntityCard)` Output only. The linked entities of the alert.
`direction`	`enum (SecurityEntityDirection)` Output only. The entity direction of the alert.

SecurityEntityDirection

The security entity direction.

Enums
`SECURITY_ENTITY_DIRECTION_UNSPECIFIED`	Unspecified entity direction.
`NONE`	Entity direction is none.
`INBOUND`	Entity direction is inbound.
`OUTBOUND`	Entity direction is outbound.
`BOTH`	Entity direction is both.