SNS / WebHook Integration ended reason, replaced_by_id, and replaced_by_status fields

by kchen on ‎05-02-2018 02:56 PM (83 Views)

Three new fields are unique to SNS and WebHook Integration notifications.  These fields are used to identify why the alert ended and what alert is now in its place.



Explains why the alert ended.  Possible values:

  • from_api
  • new_alert
  • from_scan
  • not_present_after_scan
  • signature_deleted
  • custom_signature_deleted
  • suppression_created
  • suppression_deactivated
  • custom_risk_level_created
  • custom_risk_level_deleted



ID of the new alert that replaced this alert



Status of the new alert that replaced this alert


Note: The above is written on 5/17/2017.  It is subject to change.

Ignite 2018, Amsterdam, Netherlands
Ask Questions Get Answers Join the Live Community