OBJECT

LeanEvent

Minimum Event representation for Tenable.ot IEM

link GraphQL Schema definition

  • type LeanEvent {
  • # Id
  • id: ID!
  • # Type info regarding this event
  • eventType: EventTypeDetails!
  • # Source IP Used
  • srcIP: String
  • # Destination IP Used
  • dstIP: String
  • # Actual raw protocol identified by the system
  • protocolRaw: ProtocolType!
  • # The policy that caused this event
  • policy: LeanPolicy!
  • # Time
  • time: Time!
  • # Source MAC Used
  • srcMac: String
  • # Destination MAC Used
  • dstMac: String
  • # Completion status message
  • completion: EventStatus!
  • # Protocol name
  • protocolNiceName: String
  • # Was the event resolved by the user
  • resolved: Boolean!
  • # Resolve timestamp
  • resolvedTs: Time
  • # Hit Id
  • hitId: ID!
  • # Severity
  • severity: PolicyLevel!
  • # Category
  • category: EventCategoryType!
  • # Event comment
  • comment: String
  • # Log Id
  • logId: Float!
  • # Resolved by user
  • resolvedUser: String
  • # Type enum value
  • type: PolicyEventType!
  • # The src assets of the event
  • #
  • # Arguments
  • # after: Returns the items in the list that come after the
  • # specified cursor.
  • # first: Returns the first n items from the list.
  • # before: Returns the items in the list that come before the
  • # specified cursor.
  • # last: Returns the last n items from the list.
  • srcAssets(after: String, first: Int, before: String, last: Int): LeanAssetConnection!
  • # Source network interface id
  • srcInterface: ID
  • # The names of the sources of this event
  • #
  • # Arguments
  • # after: Returns the items in the list that come after the
  • # specified cursor.
  • # first: Returns the first n items from the list.
  • # before: Returns the items in the list that come before the
  • # specified cursor.
  • # last: Returns the last n items from the list.
  • srcNames(after: String, first: Int, before: String, last: Int): StringConnection!
  • # The dst assets of the event
  • #
  • # Arguments
  • # after: Returns the items in the list that come after the
  • # specified cursor.
  • # first: Returns the first n items from the list.
  • # before: Returns the items in the list that come before the
  • # specified cursor.
  • # last: Returns the last n items from the list.
  • dstAssets(after: String, first: Int, before: String, last: Int): LeanAssetConnection!
  • # Destination network interface ID
  • dstInterface: ID
  • # The names of the destinations of this event
  • #
  • # Arguments
  • # after: Returns the items in the list that come after the
  • # specified cursor.
  • # first: Returns the first n items from the list.
  • # before: Returns the items in the list that come before the
  • # specified cursor.
  • # last: Returns the last n items from the list.
  • dstNames(after: String, first: Int, before: String, last: Int): StringConnection!
  • # Does this event has details
  • hasDetails: Boolean!
  • # Payload size
  • payloadSize: Int!
  • # Protocol used + transport and port if available
  • protocol: String!
  • # The port of the event
  • port: Int
  • }

link Require by