Sysdig · Schema

Sysdig Alert

Schema for a Sysdig Monitor alert definition

Cloud Security, Containers, Kubernetes, Runtime Security, Security, Vulnerability Management, Monitoring, Observability, CSPM, Compliance

Properties

| Name | Type | Description |
| --- | --- | --- |
| id | integer | Unique alert identifier |
| name | string | Alert name |
| description | string | Alert description |
| severity | integer | Alert severity level (0=highest, 7=lowest) |
| enabled | boolean | Whether the alert is active |
| condition | string | Alert condition expression in Sysdig query language |
| segmentBy | array | Fields to segment the alert by |
| timespan | integer | Time duration in microseconds for the alert evaluation window |
| type | string | Alert evaluation type |
| notificationChannelIds | array | IDs of notification channels for alert routing |

JSON Schema

sysdig-alert-schema.json
{
  "$schema": "http://json-schema.org/draft-07/schema#",
  "$id": "https://api-evangelist.github.io/sysdig/json-schema/sysdig-alert-schema.json",
  "title": "Sysdig Alert",
  "description": "Schema for a Sysdig Monitor alert definition",
  "type": "object",
  "properties": {
    "id": {
      "type": "integer",
      "description": "Unique alert identifier",
      "readOnly": true
    },
    "name": {
      "type": "string",
      "description": "Alert name",
      "maxLength": 255
    },
    "description": {
      "type": "string",
      "description": "Alert description"
    },
    "severity": {
      "type": "integer",
      "description": "Alert severity level (0=highest, 7=lowest)",
      "minimum": 0,
      "maximum": 7
    },
    "enabled": {
      "type": "boolean",
      "description": "Whether the alert is active"
    },
    "condition": {
      "type": "string",
      "description": "Alert condition expression in Sysdig query language"
    },
    "segmentBy": {
      "type": "array",
      "description": "Fields to segment the alert by",
      "items": {
        "type": "string"
      }
    },
    "timespan": {
      "type": "integer",
      "description": "Time duration in microseconds for the alert evaluation window"
    },
    "type": {
      "type": "string",
      "description": "Alert evaluation type",
      "enum": ["MANUAL", "BASELINE", "HOST_COMPARISON"]
    },
    "notificationChannelIds": {
      "type": "array",
      "description": "IDs of notification channels for alert routing",
      "items": {
        "type": "integer"
      }
    }
  },
  "required": ["name", "condition"]
}