Field | Data type | Description |
|---|
alertHost | str
| this field indicates an internal Devo component related to alert dispatching. |
domain | str
| Devo domain to which the alert belongs. |
priority | float
| Priority level assigned to the alert, represented as a numerical value: 0 → Very low 3 → Low 5 → Normal 7 → High 10 → Very high
| Note |
|---|
Devo alert priorities VS SecOps alert priorities Please keep in mind that these priority levels do not correspond to the ones used in the Security Operations application. |
|
context | str
| Contextualization of the alert resulting from a combination of its category, domain and name. | Info |
|---|
Special characters in the alert name Alert names are normalized upon creation, replacing all special characters (not alphanumeric) by underscores (_). |
|
category | str
| | Status |
|---|
| colour | Red |
|---|
| title | Deprecated field: |
|---|
|
information is not provided in this field anymore. |
alertId | str
| Unique ID assigned to the alert when triggered. |
status | int
| Condition of the triggered alert regarding their life cycle, represented as a numerical value: Unread → 0 Updated → 1 Watched → 100 False positive → 2 Closed → 300
|
srcIp | ip4
| | Status |
|---|
| colour | Red |
|---|
| title | Deprecated field: |
|---|
|
information is not provided in this field anymore. |
srcPort | int
| | Status |
|---|
| colour | Red |
|---|
| title | Deprecated field: |
|---|
|
information is not provided in this field anymore. |
srcHost | str
| | Status |
|---|
| colour | Red |
|---|
| title | Deprecated field: |
|---|
|
information is not provided in this field anymore. |
dstIp | ip4
| | Status |
|---|
| colour | Red |
|---|
| title | Deprecated field: |
|---|
|
information is not provided in this field anymore. |
dstPort | int
| | Status |
|---|
| colour | Red |
|---|
| title | Deprecated field: |
|---|
|
information is not provided in this field anymore. |
dstHost | str
| | Status |
|---|
| colour | Red |
|---|
| title | Deprecated field: |
|---|
|
information is not provided in this field anymore. |
protocol | str
| | Status |
|---|
| colour | Red |
|---|
| title | Deprecated field: |
|---|
|
information is not provided in this field anymore. |
username | str
| User who created the alert definition. |
application | str
| | Status |
|---|
| colour | Red |
|---|
| title | Deprecated field: |
|---|
|
information is not provided in this field anymore. |
engine | str
| | Status |
|---|
| colour | Red |
|---|
| title | Deprecated field: |
|---|
|
information is not provided in this field anymore. |
extraData | str
| Information extracted from the other fields, gathered to demonstrate the conditions that triggered the alert and included in the alert notification to provide the user with context. |
AlertContextSubscription | int
| | Status |
|---|
| colour | Red |
|---|
| title | Deprecated field: |
|---|
|
information is not provided in this field anymore. |
Alertcreationdate | timestamp
| Exact date on which the specified alert conditions were met and the alert triggered, which may reveal a slight delay with the eventdate (date on which the event was registered in the Devo table). |
