This is a cache of https://docs.openshift.com/acs/4.5/api/AlertService.html. It is a snapshot of the page at 2024-11-25T18:11:40.245+0000.
AlertService | API reference | Red Hat Advanced Cluster Security for Kubernetes 4.5
×

CountAlerts

GET /v1/alertscount

CountAlerts counts how many alerts match the get request.

Description

Parameters

Query Parameters

Name Description Required Default Pattern

query

-

null

pagination.limit

-

null

pagination.offset

-

null

pagination.sortOption.field

-

null

pagination.sortOption.reversed

-

null

pagination.sortOption.aggregateBy.aggrFunc

-

UNSET

pagination.sortOption.aggregateBy.distinct

-

null

Return Type

Content Type

  • application/json

Responses

Table 1. HTTP Response Codes
Code Message Datatype

200

A successful response.

V1CountAlertsResponse

0

An unexpected error response.

RuntimeError

Samples

DeleteAlerts

DELETE /v1/alerts

Description

Parameters

Query Parameters

Name Description Required Default Pattern

query.query

-

null

query.pagination.limit

-

null

query.pagination.offset

-

null

query.pagination.sortOption.field

-

null

query.pagination.sortOption.reversed

-

null

query.pagination.sortOption.aggregateBy.aggrFunc

-

UNSET

query.pagination.sortOption.aggregateBy.distinct

-

null

confirm

-

null

Content Type

  • application/json

Responses

Table 2. HTTP Response Codes
Code Message Datatype

200

A successful response.

V1DeleteAlertsResponse

0

An unexpected error response.

RuntimeError

Samples

GetAlert

GET /v1/alerts/{id}

GetAlert returns the alert given its id.

Description

Parameters

Path Parameters

Name Description Required Default Pattern

id

X

null

Return Type

Content Type

  • application/json

Responses

Table 3. HTTP Response Codes
Code Message Datatype

200

A successful response.

StorageAlert

0

An unexpected error response.

RuntimeError

Samples

GetAlertTimeseries

GET /v1/alerts/summary/timeseries

GetAlertTimeseries returns the alerts sorted by time.

Description

Parameters

Query Parameters

Name Description Required Default Pattern

query

-

null

pagination.limit

-

null

pagination.offset

-

null

pagination.sortOption.field

-

null

pagination.sortOption.reversed

-

null

pagination.sortOption.aggregateBy.aggrFunc

-

UNSET

pagination.sortOption.aggregateBy.distinct

-

null

Content Type

  • application/json

Responses

Table 4. HTTP Response Codes
Code Message Datatype

200

A successful response.

V1GetAlertTimeseriesResponse

0

An unexpected error response.

RuntimeError

Samples

GetAlertsCounts

GET /v1/alerts/summary/counts

GetAlertsCounts returns the number of alerts in the requested cluster or category.

Description

Parameters

Query Parameters

Name Description Required Default Pattern

request.query

-

null

request.pagination.limit

-

null

request.pagination.offset

-

null

request.pagination.sortOption.field

-

null

request.pagination.sortOption.reversed

-

null

request.pagination.sortOption.aggregateBy.aggrFunc

-

UNSET

request.pagination.sortOption.aggregateBy.distinct

-

null

groupBy

-

UNSET

Content Type

  • application/json

Responses

Table 5. HTTP Response Codes
Code Message Datatype

200

A successful response.

V1GetAlertsCountsResponse

0

An unexpected error response.

RuntimeError

Samples

GetAlertsGroup

GET /v1/alerts/summary/groups

GetAlertsGroup returns alerts grouped by policy.

Description

Parameters

Query Parameters

Name Description Required Default Pattern

query

-

null

pagination.limit

-

null

pagination.offset

-

null

pagination.sortOption.field

-

null

pagination.sortOption.reversed

-

null

pagination.sortOption.aggregateBy.aggrFunc

-

UNSET

pagination.sortOption.aggregateBy.distinct

-

null

Content Type

  • application/json

Responses

Table 6. HTTP Response Codes
Code Message Datatype

200

A successful response.

V1GetAlertsGroupResponse

0

An unexpected error response.

RuntimeError

Samples

ListAlerts

GET /v1/alerts

List returns the slim list version of the alerts.

Description

Parameters

Query Parameters

Name Description Required Default Pattern

query

-

null

pagination.limit

-

null

pagination.offset

-

null

pagination.sortOption.field

-

null

pagination.sortOption.reversed

-

null

pagination.sortOption.aggregateBy.aggrFunc

-

UNSET

pagination.sortOption.aggregateBy.distinct

-

null

Return Type

Content Type

  • application/json

Responses

Table 7. HTTP Response Codes
Code Message Datatype

200

A successful response.

V1ListAlertsResponse

0

An unexpected error response.

RuntimeError

Samples

ResolveAlert

PATCH /v1/alerts/{id}/resolve

ResolveAlert marks the given alert (by ID) as resolved.

Description

Parameters

Path Parameters

Name Description Required Default Pattern

id

X

null

Body Parameter

Name Description Required Default Pattern

body

V1ResolveAlertRequest

X

Return Type

Object

Content Type

  • application/json

Responses

Table 8. HTTP Response Codes
Code Message Datatype

200

A successful response.

Object

0

An unexpected error response.

RuntimeError

Samples

ResolveAlerts

PATCH /v1/alerts/resolve

ResolveAlertsByQuery marks alerts matching search query as resolved.

Description

Parameters

Body Parameter

Name Description Required Default Pattern

body

V1ResolveAlertsRequest

X

Return Type

Object

Content Type

  • application/json

Responses

Table 9. HTTP Response Codes
Code Message Datatype

200

A successful response.

Object

0

An unexpected error response.

RuntimeError

Samples

SnoozeAlert

PATCH /v1/alerts/{id}/snooze

SnoozeAlert is deprecated.

Description

Parameters

Path Parameters

Name Description Required Default Pattern

id

X

null

Body Parameter

Name Description Required Default Pattern

body

V1SnoozeAlertRequest

X

Return Type

Object

Content Type

  • application/json

Responses

Table 10. HTTP Response Codes
Code Message Datatype

200

A successful response.

Object

0

An unexpected error response.

RuntimeError

Samples

Common object reference

AlertDeploymentContainer

Field Name Required Nullable Type Description Format

image

StorageContainerImage

name

String

AlertEnforcement

Field Name Required Nullable Type Description Format

action

StorageEnforcementAction

UNSET_ENFORCEMENT, SCALE_TO_ZERO_ENFORCEMENT, UNSATISFIABLE_NODE_CONSTRAINT_ENFORCEMENT, KILL_POD_ENFORCEMENT, FAIL_BUILD_ENFORCEMENT, FAIL_KUBE_REQUEST_ENFORCEMENT, FAIL_DEPLOYMENT_CREATE_ENFORCEMENT, FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT,

message

String

AlertGroupAlertCounts

Field Name Required Nullable Type Description Format

severity

StorageSeverity

UNSET_SEVERITY, LOW_SEVERITY, MEDIUM_SEVERITY, HIGH_SEVERITY, CRITICAL_SEVERITY,

count

String

int64

AlertProcessViolation

Field Name Required Nullable Type Description Format

message

String

processes

List of StorageProcessIndicator

AlertResourceResourceType

Enum Values

UNKNOWN

SECRETS

CONFIGMAPS

CLUSTER_ROLES

CLUSTER_ROLE_BINDINGS

NETWORK_POLICIES

SECURITY_CONTEXT_CONSTRAINTS

egress_FIREWALLS

AlertViolation

Field Name Required Nullable Type Description Format

message

String

keyValueAttrs

ViolationKeyValueAttrs

networkFlowInfo

ViolationNetworkFlowInfo

type

AlertViolationType

GENERIC, K8S_EVENT, NETWORK_FLOW, NETWORK_POLICY,

time

Date

Indicates violation time. This field differs from top-level field 'time' which represents last time the alert occurred in case of multiple occurrences of the policy alert. As of 55.0, this field is set only for kubernetes event violations, but may not be limited to it in future.

date-time

AlertViolationType

Enum Values

GENERIC

K8S_EVENT

NETWORK_FLOW

NETWORK_POLICY

ClusterAlertsAlertEvents

Field Name Required Nullable Type Description Format

severity

StorageSeverity

UNSET_SEVERITY, LOW_SEVERITY, MEDIUM_SEVERITY, HIGH_SEVERITY, CRITICAL_SEVERITY,

events

List of V1AlertEvent

GetAlertTimeseriesResponseClusterAlerts

Field Name Required Nullable Type Description Format

cluster

String

severities

List of ClusterAlertsAlertEvents

GetAlertsCountsResponseAlertGroup

Field Name Required Nullable Type Description Format

group

String

counts

List of AlertGroupAlertCounts

KeyValueAttrsKeyValueAttr

Field Name Required Nullable Type Description Format

key

String

value

String

ListAlertCommonEntityInfo

Fields common to all entities that an alert might belong to.

Field Name Required Nullable Type Description Format

clusterName

String

namespace

String

clusterId

String

namespaceId

String

resourceType

StorageListAlertResourceType

DEPLOYMENT, SECRETS, CONFIGMAPS, CLUSTER_ROLES, CLUSTER_ROLE_BINDINGS, NETWORK_POLICIES, SECURITY_CONTEXT_CONSTRAINTS, egress_FIREWALLS,

ListAlertPolicyDevFields

Field Name Required Nullable Type Description Format

SORTName

String

ListAlertResourceEntity

Field Name Required Nullable Type Description Format

name

String

NetworkFlowInfoEntity

Field Name Required Nullable Type Description Format

name

String

entityType

StorageNetworkEntityInfoType

UNKNOWN_TYPE, DEPLOYMENT, INTERNET, LISTEN_ENDPOINT, EXTERNAL_SOURCE, INTERNAL_ENTITIES,

deploymentNamespace

String

deploymentType

String

port

Integer

int32

PolicyMitreAttackVectors

Field Name Required Nullable Type Description Format

tactic

String

techniques

List of string

ProcessSignalLineageInfo

Field Name Required Nullable Type Description Format

parentUid

Long

int64

parentExecFilePath

String

ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++.

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java.

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]):

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field Name Required Nullable Type Description Format

typeUrl

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

value

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

RuntimeError

Field Name Required Nullable Type Description Format

error

String

code

Integer

int32

message

String

details

List of ProtobufAny

StorageAlert

Field Name Required Nullable Type Description Format

id

String

policy

StoragePolicy

lifecycleStage

StorageLifecycleStage

DEPLOY, BUILD, RUNTIME,

clusterId

String

clusterName

String

namespace

String

namespaceId

String

deployment

StorageAlertDeployment

image

StorageContainerImage

resource

StorageAlertResource

violations

List of AlertViolation

For run-time phase alert, a maximum of 40 violations are retained.

processViolation

AlertProcessViolation

enforcement

AlertEnforcement

time

Date

date-time

firstOccurred

Date

date-time

resolvedAt

Date

The time at which the alert was resolved. Only set if ViolationState is RESOLVED.

date-time

state

StorageViolationState

ACTIVE, SNOOZED, RESOLVED, ATTEMPTED,

snoozeTill

Date

date-time

StorageAlertDeployment

Field Name Required Nullable Type Description Format

id

String

name

String

type

String

namespace

String

namespaceId

String

labels

Map of string

clusterId

String

clusterName

String

containers

List of AlertDeploymentContainer

annotations

Map of string

inactive

Boolean

StorageAlertResource

Represents an alert on a kubernetes resource other than a deployment (configmaps, secrets, etc.)
Field Name Required Nullable Type Description Format

resourceType

AlertResourceResourceType

UNKNOWN, SECRETS, CONFIGMAPS, CLUSTER_ROLES, CLUSTER_ROLE_BINDINGS, NETWORK_POLICIES, SECURITY_CONTEXT_CONSTRAINTS, egress_FIREWALLS,

name

String

clusterId

String

clusterName

String

namespace

String

namespaceId

String

StorageBooleanOperator

Enum Values

OR

AND

StorageContainerImage

Next tag: 12
Field Name Required Nullable Type Description Format

id

String

name

StorageImageName

notPullable

Boolean

isClusterLocal

Boolean

StorageEnforcementAction

  • FAIL_KUBE_REQUEST_ENFORCEMENT: FAIL_KUBE_REQUEST_ENFORCEMENT takes effect only if admission control webhook is enabled to listen on exec and port-forward events.

  • FAIL_DEPLOYMENT_CREATE_ENFORCEMENT: FAIL_DEPLOYMENT_CREATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object creates.

  • FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT: FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object updates.

Enum Values

UNSET_ENFORCEMENT

SCALE_TO_ZERO_ENFORCEMENT

UNSATISFIABLE_NODE_CONSTRAINT_ENFORCEMENT

KILL_POD_ENFORCEMENT

FAIL_BUILD_ENFORCEMENT

FAIL_KUBE_REQUEST_ENFORCEMENT

FAIL_DEPLOYMENT_CREATE_ENFORCEMENT

FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT

StorageEventSource

Enum Values

NOT_APPLICABLE

DEPLOYMENT_EVENT

AUDIT_LOG_EVENT

StorageExclusion

Field Name Required Nullable Type Description Format

name

String

deployment

StorageExclusionDeployment

image

StorageExclusionImage

expiration

Date

date-time

StorageExclusionDeployment

Field Name Required Nullable Type Description Format

name

String

scope

StorageScope

StorageExclusionImage

Field Name Required Nullable Type Description Format

name

String

StorageImageName

Field Name Required Nullable Type Description Format

registry

String

remote

String

tag

String

fullName

String

StorageL4Protocol

Enum Values

L4_PROTOCOL_UNKNOWN

L4_PROTOCOL_TCP

L4_PROTOCOL_UDP

L4_PROTOCOL_ICMP

L4_PROTOCOL_RAW

L4_PROTOCOL_SCTP

L4_PROTOCOL_ANY

StorageLifecycleStage

Enum Values

DEPLOY

BUILD

RUNTIME

StorageListAlert

Field Name Required Nullable Type Description Format

id

String

lifecycleStage

StorageLifecycleStage

DEPLOY, BUILD, RUNTIME,

time

Date

date-time

policy

StorageListAlertPolicy

state

StorageViolationState

ACTIVE, SNOOZED, RESOLVED, ATTEMPTED,

enforcementCount

Integer

int32

enforcementAction

StorageEnforcementAction

UNSET_ENFORCEMENT, SCALE_TO_ZERO_ENFORCEMENT, UNSATISFIABLE_NODE_CONSTRAINT_ENFORCEMENT, KILL_POD_ENFORCEMENT, FAIL_BUILD_ENFORCEMENT, FAIL_KUBE_REQUEST_ENFORCEMENT, FAIL_DEPLOYMENT_CREATE_ENFORCEMENT, FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT,

commonEntityInfo

ListAlertCommonEntityInfo

deployment

StorageListAlertDeployment

resource

ListAlertResourceEntity

StorageListAlertDeployment

Field Name Required Nullable Type Description Format

id

String

name

String

clusterName

String

This field is deprecated and can be found in CommonEntityInfo. It will be removed from here in a future release.

namespace

String

This field is deprecated and can be found in CommonEntityInfo. It will be removed from here in a future release.

clusterId

String

This field is deprecated and can be found in CommonEntityInfo. It will be removed from here in a future release.

inactive

Boolean

namespaceId

String

This field is deprecated and can be found in CommonEntityInfo. It will be removed from here in a future release.

StorageListAlertPolicy

Field Name Required Nullable Type Description Format

id

String

name

String

severity

StorageSeverity

UNSET_SEVERITY, LOW_SEVERITY, MEDIUM_SEVERITY, HIGH_SEVERITY, CRITICAL_SEVERITY,

description

String

categories

List of string

developerInternalFields

ListAlertPolicyDevFields

StorageListAlertResourceType

A special ListAlert-only enumeration of all resource types. Unlike Alert.Resource.ResourceType this also includes deployment as a type This must be kept in sync with Alert.Resource.ResourceType (excluding the deployment value)
Enum Values

DEPLOYMENT

SECRETS

CONFIGMAPS

CLUSTER_ROLES

CLUSTER_ROLE_BINDINGS

NETWORK_POLICIES

SECURITY_CONTEXT_CONSTRAINTS

egress_FIREWALLS

StorageNetworkEntityInfoType

  • INTERNAL_ENTITIES: INTERNAL_ENTITIES is for grouping all internal entities under a single network graph node

Enum Values

UNKNOWN_TYPE

DEPLOYMENT

INTERNET

LISTEN_ENDPOINT

EXTERNAL_SOURCE

INTERNAL_ENTITIES

StoragePolicy

Field Name Required Nullable Type Description Format

id

String

name

String

description

String

rationale

String

remediation

String

disabled

Boolean

categories

List of string

lifecycleStages

List of StorageLifecycleStage

eventSource

StorageEventSource

NOT_APPLICABLE, DEPLOYMENT_EVENT, AUDIT_LOG_EVENT,

exclusions

List of StorageExclusion

scope

List of StorageScope

severity

StorageSeverity

UNSET_SEVERITY, LOW_SEVERITY, MEDIUM_SEVERITY, HIGH_SEVERITY, CRITICAL_SEVERITY,

enforcementActions

List of StorageEnforcementAction

FAIL_DEPLOYMENT_CREATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object creates/updates. FAIL_KUBE_REQUEST_ENFORCEMENT takes effect only if admission control webhook is enabled to listen on exec and port-forward events. FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object updates.

notifiers

List of string

lastUpdated

Date

date-time

SORTName

String

For internal use only.

SORTLifecycleStage

String

For internal use only.

SORTEnforcement

Boolean

For internal use only.

policyVersion

String

policySections

List of StoragePolicySection

mitreAttackVectors

List of PolicyMitreAttackVectors

criteriaLocked

Boolean

Read-only field. If true, the policy’s criteria fields are rendered read-only.

mitreVectorsLocked

Boolean

Read-only field. If true, the policy’s MITRE ATT&CK fields are rendered read-only.

isDefault

Boolean

Read-only field. Indicates the policy is a default policy if true and a custom policy if false.

StoragePolicyGroup

Field Name Required Nullable Type Description Format

fieldName

String

booleanOperator

StorageBooleanOperator

OR, AND,

negate

Boolean

values

List of StoragePolicyValue

StoragePolicySection

Field Name Required Nullable Type Description Format

sectionName

String

policyGroups

List of StoragePolicyGroup

StoragePolicyValue

Field Name Required Nullable Type Description Format

value

String

StorageProcessIndicator

Next available tag: 13
Field Name Required Nullable Type Description Format

id

String

deploymentId

String

containerName

String

podId

String

podUid

String

signal

StorageProcessSignal

clusterId

String

namespace

String

containerStartTime

Date

date-time

imageId

String

StorageProcessSignal

Field Name Required Nullable Type Description Format

id

String

A unique UUID for identifying the message We have this here instead of at the top level because we want to have each message to be self contained.

containerId

String

time

Date

date-time

name

String

args

String

execFilePath

String

pid

Long

int64

uid

Long

int64

gid

Long

int64

lineage

List of string

scraped

Boolean

lineageInfo

List of ProcessSignalLineageInfo

StorageScope

Field Name Required Nullable Type Description Format

cluster

String

namespace

String

label

StorageScopeLabel

StorageScopeLabel

Field Name Required Nullable Type Description Format

key

String

value

String

StorageSeverity

Enum Values

UNSET_SEVERITY

LOW_SEVERITY

MEDIUM_SEVERITY

HIGH_SEVERITY

CRITICAL_SEVERITY

StorageViolationState

Enum Values

ACTIVE

SNOOZED

RESOLVED

ATTEMPTED

V1AlertEvent

Field Name Required Nullable Type Description Format

time

String

int64

type

V1Type

CREATED, REMOVED,

id

String

V1CountAlertsResponse

Field Name Required Nullable Type Description Format

count

Integer

int32

V1DeleteAlertsResponse

Field Name Required Nullable Type Description Format

numDeleted

Long

int64

dryRun

Boolean

V1GetAlertTimeseriesResponse

Field Name Required Nullable Type Description Format

clusters

List of GetAlertTimeseriesResponseClusterAlerts

V1GetAlertsCountsResponse

Field Name Required Nullable Type Description Format

groups

List of GetAlertsCountsResponseAlertGroup

V1GetAlertsGroupResponse

Field Name Required Nullable Type Description Format

alertsByPolicies

List of V1GetAlertsGroupResponsePolicyGroup

V1GetAlertsGroupResponsePolicyGroup

Field Name Required Nullable Type Description Format

policy

StorageListAlertPolicy

numAlerts

String

int64

V1ListAlertsResponse

Field Name Required Nullable Type Description Format

alerts

List of StorageListAlert

V1ResolveAlertRequest

Field Name Required Nullable Type Description Format

id

String

whitelist

Boolean

addToBaseline

Boolean

V1ResolveAlertsRequest

Field Name Required Nullable Type Description Format

query

String

V1SnoozeAlertRequest

Field Name Required Nullable Type Description Format

id

String

snoozeTill

Date

date-time

V1Type

Enum Values

CREATED

REMOVED

ViolationKeyValueAttrs

Field Name Required Nullable Type Description Format

attrs

List of KeyValueAttrsKeyValueAttr

ViolationNetworkFlowInfo

Field Name Required Nullable Type Description Format

protocol

StorageL4Protocol

L4_PROTOCOL_UNKNOWN, L4_PROTOCOL_TCP, L4_PROTOCOL_UDP, L4_PROTOCOL_ICMP, L4_PROTOCOL_RAW, L4_PROTOCOL_SCTP, L4_PROTOCOL_ANY,

source

NetworkFlowInfoEntity

destination

NetworkFlowInfoEntity