- JSON representation
- IndividualNode
- IndicatorSummary
- IndicatorAliases
- GroupNode
- GroupNodeDetail
- DetectionGroup
- AlertState
A generic node in a graph.
| JSON representation |
|---|
{ "id": string, "display_name": string, // Union field |
| Fields | |
|---|---|
id |
Required. The unique string id of the node. |
display_name |
Output only. The display name of the node. |
Union field node_detail. Detailed information about a node. A node can be either an individual node or a group node. node_detail can be only one of the following: |
|
individual_node |
A individual node which contains a resource. |
group_node |
A group node in a graph which represents a collection of individual nodes. |
IndividualNode
A individual node which contains a resource.
| JSON representation |
|---|
{ "adjacent_individual_nodes_count": integer, // Union field |
| Fields | |
|---|---|
adjacent_individual_nodes_count |
Output only. The number of individual nodes adjacent to the current node. |
Union field node_detail. Detailed information of the node. node_detail can be only one of the following: |
|
detection |
Output only. Detail about a detection node. |
indicator_summary |
Output only. Indicator summary information about an entity node. |
IndicatorSummary
A summary of aliased indicators of an entity.
| JSON representation |
|---|
{ "entity": string, "time_range": { object ( |
| Fields | |
|---|---|
entity |
The resource name of an entity. Format: projects/{project}/locations/{location}/instances/{instance}/entities/{entity} |
time_range |
The time range that the aliases are valid for. This is the same as the Entity interval, and is duplicated here for convenience. |
display_indicator |
The EntityIndicator used to represent the IndicatorSummary. |
aliases[] |
A list of IndicatorAliases across different time ranges. |
entity_risk_score |
The risk score of the entity at the end of the time range. |
IndicatorAliases
A list of aliased indicators within a time range.
| JSON representation |
|---|
{ "time_range": { object ( |
| Fields | |
|---|---|
time_range |
The time range of the aliases is valid for. |
aliases[] |
A list of aliased indicators within the time range. |
GroupNode
A group node in a graph, which can be a indicator-related detection group or a rule-related detection group.
| JSON representation |
|---|
{
"group_node_detail": {
object ( |
| Fields | |
|---|---|
group_node_detail |
Output only. The detail information of a group node. |
individual_node_count |
Output only. The individual nodes count in the group. |
GroupNodeDetail
Detail information of a group node.
| JSON representation |
|---|
{ "parent_node_id": string, // Union field |
| Fields | |
|---|---|
parent_node_id |
The source of the parent node of the current group node. The parent node can only be an individual node. |
Union field group. The detailed information about a group node. group can be only one of the following: |
|
indicator_related_detection_group |
An indicator-related detection group. |
rule_related_detection_group |
A rule-related detection group. |
DetectionGroup
A detection group, which contains fields about how the detections got grouped. NEXT_TAG: 4
| JSON representation |
|---|
{
"alert_state": enum ( |
| Fields | |
|---|---|
alert_state |
Output only. The state of a detection representing if the detection is an alert or not. |
rule |
Optional. The Rule a detection generated from. Format: projects/{project}/locations/{location}/instances/{instance}/rules/{rule} |
rule_display_name |
Output only. The rule display name. |
AlertState
The alert state of a detection.
| Enums | |
|---|---|
ALERT_STATE_UNSPECIFIED |
The default/unset value. The API will default to the ALERT_STATE_ALERTING. |
ALERT_STATE_NOT_ALERTING |
A not alerting state. |
ALERT_STATE_ALERTING |
An alerting state. |