Skip to main content

Alert

A notice of any unusual or dangerous circumstance that is sent to responsible parties for the purpose of triggering action.

Inherited properties
PropertyTypeDescriptionSpecifications
_class *
string |
array of strings
One or more classes conforming to a standard, abstract security data model. For example, an EC2 instance will have '_class':'Host'.
_key *
stringAn identifier unique within the scope containing the object. For example, for a Bitbucket repo, this will be the GUID of the repo as assigned by Bitbucket. For an IAM Role, this will be the ARN of the role.minLength: 10
_type *
stringThe type of object, typically reflecting the vendor and resource type. For example, 'aws_iam_user'. In some cases, a system knows about a type of entity that other systems know about, such as 'user_endpoint' or 'cve'.minLength: 3
displayName *
stringDisplay name, e.g. a person's preferred name or an AWS account alias
name *
stringName of this entity
approvedbooleanIf this is record has been reviewed and approved.
approvedOnnumberThe timestamp (in milliseconds since epoch) when this record was approved.
Format: date-time

approversarray of stringsThe list of approvers on the record.
categorystringThe category of the official record

Examples: exception, finding, hr, incident, issue, job, legal, request, policy, procedure, problem, review, risk, other
classificationstringThe sensitivity of the data; should match company data classification scheme. For example: critical - confidential - internal - public.

Examples: critical, confidential, internal, public
contentstringText content of the record/documentation
createdOnnumberThe timestamp (in milliseconds since epoch) when the entity was created at the source. This is different than _createdOn which is the timestamp the entity was first ingested into JupiterOne.
Format: date-time

descriptionstringAn extended description of this entity.
exceptionbooleanIndicates if this record has an applied exception. For example, exception for a known finding or a PR that is not fully approved.
exceptionReasonstringReason / description of the exception.
openbooleanIndicates if this record is currently open. For example, an open Vulnerability finding (Vulnerability extends Record).
productionbooleanIf this is a production record. For example, a production change management ticket would have this set to true, and have a category = change property. Another example would be a Vulnerability finding in production.
publicbooleanIf this is a public record. Defaults to false.default: false
reportedOnnumberThe timestamp (in milliseconds since epoch) when this record was reported/opened. In most cases, this would be the same as createdOn but occasionally a record can be created at a different time than when it was first reported.
Format: date-time

reporterstringThe person or system that reported or created this record.
summarystringA summary / short description of this entity.
updatedOnnumberThe timestamp (in milliseconds since epoch) when the entity was last updated at the source.
Format: date-time

webLinkstringHyperlink to the location of this record, e.g. URL to a Jira issue
Format: uri

Required properties
  • _key
  • _class
  • _type
  • name
  • displayName