Charge utile de l'événement de menace

Vous pouvez utiliser les charges utiles d'événement de menace suivantes pour déclencher des workflows asynchrones et des synchronisations via les webhooks et les API de notification d'événements.

Exemple

Le code suivant est un exemple de charge utile ; les valeurs entre chevrons (`<IP>`, `<event_identifier>`) sont des espaces réservés. Utilisez les API Events pour récupérer les attributs réels. Voir https://docs.verify.ibm.com/verify/reference/getallevents et https://docs.verify.ibm.com/verify/docs/pulling-event-data. Notez que les attributs `top5_affected_*` et `source` sont transmis sous forme de chaînes de caractères (et non d'objets ou de tableaux JSON) : un consommateur doit les traiter comme du texte et ne pas tenter de les analyser comme du JSON. Les champs `time` et `indexed_at` sont des horodatages epoch, vraisemblablement en millisecondes ; `start_time` et `end_time` ne portent pas d'indicateur de fuseau horaire, mais le champ `summary` indique qu'ils sont exprimés en UTC.

{
    "data": {
      "date": "2023-07-10",
      "rule_attribute": "ibm:threat_abnormal_user_activities",
      "most_significant_data_origin": [
        "<IP>"
      ],
      "top5_affected_data_username": "{'username': 20}",
      "source": "[('data.mfamethod', 'Voice OTP'), ('data.username', 'username')]",
      "suspicious_ips_count": 1,
      "most_significant_data_mfamethod": [
        "Voice OTP"
      ],
      "most_significant_geoip_country_name": [
        "India"
      ],
      "most_significant_data_grant_type": [],
      "top5_affected_tenantname": "{'tenant_name': 20}",
      "anomalous_event_count": 20,
      "most_significant_tenantname": [
        "tenant_name"
      ],
      "summary": "Abnormal number of device enrollments: 20 anomalous events are observed, beyond normal traffic volume, from 2023-07-10 19:00:00 UTC to 2023-07-10 20:00:00 UTC.",
      "severity": "critical",
      "top5_affected_data_origin": "{'<IP>': 20}",
      "rule_name": "Abnormal number of device enrollments",
      "impacted_user_count": 1,
      "end_time": "2023-07-10 20:00:00",
      "anomalous_suspicious_ips": [
        "<IP>"
      ],
      "rule_id": "ABNORMAL_DEVICE_ENROLLMENT",
      "top5_affected_geoip_country_name": "{'India': 20}",
      "start_time": "2023-07-10 19:00:00",
      "component": "Login activity",
      "normal_traffic_volume": 0,
      "top5_affected_data_grant_type": "{}",
      "top5_affected_data_mfamethod": "{'Voice OTP': 20}",
      "most_significant_data_username": [
        "username"
      ]
    },
    "year": 2023,
    "event_type": "threat",
    "month": 7,
    "indexed_at": 1689019317074,
    "tenantid": "tenant_id",
    "tenantname": "tenant_name",
    "servicename": "Anomaly-Detector",
    "id": "<event_identifier>",
    "time": 1689019315275,
    "day": 10
  }