SNS / WebHook Integration ended_reason, replaced_by_id, and replaced_by_status fields

by kchen on 05-02-2018 02:56 PM

Three new fields are unique to SNS and WebHook Integration notifications.  These fields are used to identify why the alert ended and what alert is now in its place.

 

ended_reason

Explains why the alert ended.  Possible values:

  • from_api
  • new_alert
  • from_scan
  • not_present_after_scan
  • signature_deleted
  • custom_signature_deleted
  • suppression_created
  • suppression_deactivated
  • custom_risk_level_created
  • custom_risk_level_deleted

 

replaced_by_id

ID of the new alert that replaced this alert

 

replaced_by_status

Status of the new alert that replaced this alert

 

Note: The above was written on 5/17/2017 and is subject to change.
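As an added example (not code from the original article or the product), a notification consumer can use these three fields to flag ended_reason values outside the documented list and to follow replaced_by_id links to the alert that currently stands in place of an ended one. It assumes the notification body is JSON and that each alert also carries "id" and "status" fields; those two names, the status strings and the sample messages are constructed for illustration.

```python
import json

# ended_reason values listed on this page (the page notes they may change).
KNOWN_ENDED_REASONS = {
    "from_api", "new_alert", "from_scan", "not_present_after_scan",
    "signature_deleted", "custom_signature_deleted", "suppression_created",
    "suppression_deactivated", "custom_risk_level_created",
    "custom_risk_level_deleted",
}

# Constructed sample bodies. "id" and "status" are assumed field names, the
# status strings are made up, and "retired_by_policy" is a made-up unknown value.
SAMPLE = [
    '{"id": 101, "status": "fail", "ended_reason": "new_alert",'
    ' "replaced_by_id": 102, "replaced_by_status": "fail"}',
    '{"id": 102, "status": "fail", "ended_reason": "not_present_after_scan",'
    ' "replaced_by_id": 103, "replaced_by_status": "pass"}',
    '{"id": 104, "status": "fail", "ended_reason": "suppression_created"}',
    '{"id": 105, "status": "fail", "ended_reason": "retired_by_policy"}',
]

def index_notifications(raw_messages):
    """Parse JSON notification bodies into {alert id: notification}."""
    return {note["id"]: note for note in map(json.loads, raw_messages)}

def unknown_reasons(alerts):
    """Ids whose ended_reason is present but not in the documented list."""
    return sorted(i for i, n in alerts.items()
                  if n.get("ended_reason") is not None
                  and n["ended_reason"] not in KNOWN_ENDED_REASONS)

def resolve_current(alerts, alert_id):
    """Follow replaced_by_id links; return (last id, its status, resolved).

    resolved is False when the chain loops or reaches an alert we hold no
    notification for; the status is then the last replaced_by_status seen.
    """
    seen, status = set(), None
    while alert_id in alerts and alert_id not in seen:
        seen.add(alert_id)
        note = alerts[alert_id]
        if note.get("replaced_by_id") is None:
            return alert_id, note.get("status", status), True
        status = note.get("replaced_by_status")
        alert_id = note["replaced_by_id"]
    return alert_id, status, False

if __name__ == "__main__":
    alerts = index_notifications(SAMPLE)
    print(resolve_current(alerts, 101), unknown_reasons(alerts))
```

An unresolved result means the replacement alert's own notification has not been received yet, so the reported replaced_by_status is the best available answer until it arrives.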
