alert-trigger
October 17, 2024 · View on GitHub
Description
An instance of an alert was triggered on the security product
Parameters
| Parameter | Value |
|---|---|
| Subject | alert |
| Activity | trigger |
| Activity Type | alert-trigger |
| Pretty Name | Alert Trigger |
Legacy Names
| Success | Fail |
|---|---|
| security-alert process-alert file-alert network-alert dlp-alert database-alert alert-iot |
Fields
The possible fields for this activity type will vary depending on whether the activity was a success or a fail.
alert-trigger:success
| Field | Core | Detection | Informational |
|---|---|---|---|
| alert_severity | ✓ | ||
| local_user_name | |||
| dest_local_host | ✓ | ||
| alert_subject | ✓ | ✓ | |
| src_host | ✓ | ||
| src_local_host | ✓ | ||
| dest_zone | ✓ | ||
| alert_type | ✓ | ||
| protocol | ✓ | ||
| top_domain | ✓ | ||
| process_name | ✓ | ||
| bytes | ✓ | ||
| src_zone | ✓ | ||
| dest_ip | ✓ | ||
| local_zone | ✓ | ||
| alert_source | ✓ | ||
| src_local_zone | ✓ | ||
| dest_host | ✓ | ||
| dest_local_zone | ✓ | ||
| local_asset | ✓ | ||
| user | ✓ | ||
| dest_port | ✓ |
A failure activity is not currently supported for this activity-type.