Event
Descriptor of an event or an incident. The incident is an event with child events.
Defined in
This message is defined in the event_provider.proto file.
Syntax
message Event
{
uint64 eventId = 1;
google.protobuf.Timestamp occurred = 3;
Technology technology = 5;
Severity severity = 6;
string title = 7;
string description = 8;
uint32 userMark = 13;
repeated MessageParameter extraParams = 14;
string monitoringPoint = 15;
string triggeredRuleId = 16;
Origin origin = 17;
uint64 eventTypeId = 18;
repeated CommunicationData communicationData = 22;
UserState userState = 23;
uint32 aggregateCount = 24;
google.protobuf.Timestamp closed = 25;
google.protobuf.Timestamp lastSeen = 26;
repeated uint64 children = 27;
}
Fields
The Event message has the following fields.
Event message fields
Rule Field |
Type |
Name |
Tag |
Description |
|---|---|---|---|---|
|
|
|
|
Event identifier. |
|
|
|
|
Time stamp when the event occurred. |
|
|
|
Analysis technology type associated with the event. |
|
|
|
|
Event severity. |
|
|
|
|
|
Event title. |
|
|
|
|
Event description. |
|
|
|
|
User mark. |
|
|
|
Extra parameters. |
|
|
|
|
|
Monitoring point that generated the event. |
|
|
|
|
Identifier of the rule that triggered the event. |
|
|
|
Event origin. |
|
|
|
|
|
Event type identifier. |
|
|
|
Stacks of protocols and network addresses associated with the event. |
|
|
|
|
Event status. |
|
|
|
|
|
Number of times the event was triggered. |
|
|
|
|
Time stamp when either the event received Resolved status or its timer stopped being regenerated. |
|
|
|
|
Time stamp when the event was last triggered. |
|
|
|
|
Child events added to an event (incident). |