EntityRiskScoreModification

JSON representation
EntityRiskScoreModificationType
EntityRiskScoreModificationResourceId
- JSON representation

Message of Entity Risk Score Modification.

JSON representation

JSON representation
{ "modification_type": enum (`EntityRiskScoreModificationType`), "modification_time": string, "author": string, "modification_reason": string, "multiplying_factor": number, "multiplying_factor_ttl": string, "modification_resource_id": { object (`EntityRiskScoreModificationResourceId`) } }

{
  "modification_type": enum (EntityRiskScoreModificationType),
  "modification_time": string,
  "author": string,
  "modification_reason": string,
  "multiplying_factor": number,
  "multiplying_factor_ttl": string,
  "modification_resource_id": {
    object (EntityRiskScoreModificationResourceId)
  }
}

Fields
`modification_type`	`enum (EntityRiskScoreModificationType)` Required. Modification type.
`modification_time`	`string (Timestamp format)` Output only. Modification timestamp. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted.Examples: `"2014-10-02T15:01:23Z"`, `"2014-10-02T15:01:23.045123456Z"` or `"2014-10-02T15:01:23+05:30"`.
`author`	`string` Output only. The analyst id of who made the modification to base entity risk score.
`modification_reason`	`string` Required. Modification reason.
`multiplying_factor`	`number` Required. Multiplying factor.
`multiplying_factor_ttl`	`string (Duration format)` Optional. TTL for the multiplying factor. Only present when modification_type is of MULTIPLY_ENTITY_RISK_SCORE_WITH_TTL type. A duration in seconds with up to nine fractional digits, ending with '`s`'. Example: `"3.5s"`.
`modification_resource_id`	`object (EntityRiskScoreModificationResourceId)` Optional. The resource id for which the user chooses to modify risk score. Resource id could be detection id or rule id.

EntityRiskScoreModificationType

Type of Entity Risk Score Modification.

Enums
`ENTITY_RISK_SCORE_MODIFICATION_TYPE_UNSPECIFIED`	Unspecified state for entity risk score modification type.
`MULTIPLY_CURRENT_ENTITY_RISK_SCORE`	Multiply type for applying multiplying factor on underlying detections that contribute to base entity risk score until they fade out in the sliding risk window.
`MULTIPLY_ENTITY_RISK_SCORE_WITH_TTL`	Multiply type for applying multiplying factor to entity risk score with a TTL.
`MULTIPLY_DETECTION_RISK_SCORE_BY_DETECTION_ID`	Multiply a specific detection's risk score during entity risk score calculation.
`MULTIPLY_DETECTION_RISK_SCORE_BY_RULE_ID_WITH_TTL`	Multiply detection risk score triggered by a specific rule during entity risk score calculation with a TTL.

EntityRiskScoreModificationResourceId

Message of resource id for which the user chooses to modify risk score. Resource id could be detection id or rule id.

JSON representation
{ // Union field `id` can be only one of the following: "detection_id": string, "rule_id": string // End of list of possible types for union field `id`. }

Fields

Fields
Union field `id`. `id` can be only one of the following:
`detection_id`	`string` Optional. The detection id for which the user chooses to modify detection risk score for.
`rule_id`	`string` Optional. The rule id for which the user chooses to modify detection risk score for.

Union field id.

id can be only one of the following:

detection_id

string

Optional. The detection id for which the user chooses to modify detection risk score for.

rule_id

string

Optional. The rule id for which the user chooses to modify detection risk score for.