...

Field (data type): Description

alertHost (str): Internal field. Indicates an internal Devo component related to alert dispatching.

domain (str): Devo domain to which the alert belongs.

priority (float): Priority level assigned to the alert, represented as a numerical value:

  • 0 → Very low
  • 3 → Low
  • 5 → Normal
  • 7 → High
  • 10 → Very high

  Note: Devo alert priorities vs. SecOps alert priorities. These priority levels do not correspond to the ones used in the Security Operations application.

context (str): Contextualization of the alert resulting from a combination of its category, domain and name.

  Info: Special characters in the alert name. Alert names are normalized upon creation, replacing all special (non-alphanumeric) characters with underscores (_).

category (str): Deprecated field. Information is not provided in this field anymore.

alertId (str): Unique ID assigned to the alert when triggered.

status (int): State of the triggered alert within its life cycle, represented as a numerical value:

  • Unread → 0
  • Updated → 1
  • Watched → 100
  • False positive → 2
  • Closed → 300

srcIp (ip4): Deprecated field. Information is not provided in this field anymore.

srcPort (int): Deprecated field. Information is not provided in this field anymore.

srcHost (str): Deprecated field. Information is not provided in this field anymore.

dstIp (ip4): Deprecated field. Information is not provided in this field anymore.

dstPort (int): Deprecated field. Information is not provided in this field anymore.

dstHost (str): Deprecated field. Information is not provided in this field anymore.

protocol (str): Deprecated field. Information is not provided in this field anymore.

username (str): User who created the alert definition.

application (str): Deprecated field. Information is not provided in this field anymore.

engine (str): Deprecated field. Information is not provided in this field anymore.

extraData (str): Information extracted from the other fields, gathered to indicate the conditions that triggered the alert.

AlertContextSubscription (int): Deprecated field. Information is not provided in this field anymore.

Alertcreationdate (timestamp): Exact date on which the specified alert conditions were met and the alert was triggered. It may show a slight delay relative to the eventdate (the date on which the event was registered in the Devo table).

...

Field (data type): Description

alertHost (str): Internal field. Indicates an internal Devo component related to alert dispatching.

errorCode (str): Explanation of the reason the alert was not triggered. The most common are:

  • Due to post-filter conditions
  • Due to system anti-flooding

domain (str): Domain to which the alert belongs.

priority (float): Priority level assigned to the alert, represented as a numerical value:

  • 0 → Very low
  • 3 → Low
  • 5 → Normal
  • 7 → High
  • 10 → Very high

context (str): Contextualization of the alert resulting from a combination of its category, domain and name.

  Info: Special characters in the alert name. Alert names are normalized upon creation, replacing all special (non-alphanumeric) characters with underscores (_).

category (str): Deprecated field. Information is not provided in this field anymore.

status (int): State of the triggered alert within its life cycle, represented as a numerical value:

  • Unread → 0
  • Updated → 1
  • Watched → 100
  • False positive → 2
  • Closed → 300

alertId (str): Unique ID assigned to the alert when triggered.

srcIp (ip4): Deprecated field. Information is not provided in this field anymore.

srcPort (int): Deprecated field. Information is not provided in this field anymore.

srcHost (str): Deprecated field. Information is not provided in this field anymore.

dstIp (ip4): Deprecated field. Information is not provided in this field anymore.

dstPort (int): Deprecated field. Information is not provided in this field anymore.

dstHost (str): Deprecated field. Information is not provided in this field anymore.

protocol (str): Deprecated field. Information is not provided in this field anymore.

username (str): User who created the alert definition.

application (str): Deprecated field. Information is not provided in this field anymore.

engine (str): Internal field. Indicates an internal Devo component related to alert dispatching.

extraData (str): Information extracted from the other fields, gathered to indicate the conditions that triggered the alert.

AlertContextSubscription (int): Deprecated field. Information is not provided in this field anymore.

Alertcreationdate (timestamp): Exact date on which the specified alert conditions were met but did not trigger an alert due to an error. It may show a slight delay relative to the event date (the date on which the error event was registered in the Devo table).
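An added example, not Devo's own code, that decodes one row from either of the two tables described above into a summary an ingestion pipeline can act on: it maps the priority and status codes to their labels, applies the documented alert-name normalization rule, flags any deprecated fields still present, and measures the delay between eventdate and Alertcreationdate. It assumes rows arrive as dicts keyed by the field names shown and that timestamps are ISO 8601 strings; the sample rows are constructed.

```python
import re
from datetime import datetime

# Code-to-label maps exactly as listed in the field reference.
# These are Devo alert priorities, not Security Operations priorities.
PRIORITY = {0: "Very low", 3: "Low", 5: "Normal", 7: "High", 10: "Very high"}
STATUS = {0: "Unread", 1: "Updated", 2: "False positive", 100: "Watched", 300: "Closed"}
# Fields the reference marks as deprecated: their values should not be relied on.
DEPRECATED = {"category", "srcIp", "srcPort", "srcHost", "dstIp", "dstPort",
              "dstHost", "protocol", "application", "AlertContextSubscription"}


def normalize_alert_name(name):
    """Documented rule: every non-alphanumeric character becomes an underscore."""
    return re.sub(r"[^0-9A-Za-z]", "_", name)


def decode_alert(record):
    """Summarize one row from the alert info table or the alert error table.

    Assumption (not from the page): timestamps are ISO 8601 strings and the
    row also carries the originating eventdate.
    """
    summary = {"alertId": record["alertId"]}
    pri = record.get("priority")  # float in the table; 7.0 looks up as 7
    summary["priority"] = PRIORITY.get(pri, f"unknown({pri})")
    summary["status"] = STATUS.get(record.get("status"), "unknown")
    # Only error-table rows carry errorCode: the alert conditions were met but
    # nothing was triggered (post-filter, anti-flooding, ...).
    summary["triggered"] = "errorCode" not in record
    summary["reason"] = record.get("errorCode")
    created = datetime.fromisoformat(record["Alertcreationdate"])
    event = datetime.fromisoformat(record["eventdate"])
    summary["delay_seconds"] = (created - event).total_seconds()
    summary["deprecated_fields_present"] = sorted(DEPRECATED.intersection(record))
    return summary


# Constructed sample rows (not real Devo data).
INFO_ROW = {"alertId": "a1", "domain": "demo", "priority": 7.0, "status": 100,
            "username": "analyst", "context": "demo_login_burst",
            "eventdate": "2024-01-01T10:00:00",
            "Alertcreationdate": "2024-01-01T10:00:12", "srcIp": "203.0.113.5"}
ERROR_ROW = {"alertId": "a2", "domain": "demo", "priority": 3.0, "status": 0,
             "errorCode": "Due to system anti-flooding",
             "eventdate": "2024-01-01T10:05:00",
             "Alertcreationdate": "2024-01-01T10:05:03"}
```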

...