Varonis · Schema

AlertedEvent

AlertedEvent schema from Varonis DatAlert API

Cloud SecurityComplianceData AnalyticsData GovernanceData SecurityThreat Detection

Properties

Name Type Description
id string Unique identifier for the event.
time string Timestamp when the event occurred.
operationType string Type of operation performed such as file access, permission change, or login attempt.
sourceAccount string Account that initiated the operation.
destinationAccount string Target account affected by the operation.
resource string Resource path or name affected by the event.
ipAddress string IP address from which the operation was performed.
ipReputation string Reputation classification of the IP address.
country string Country associated with the IP address.
state string State or region associated with the IP address.
deviceName string Name of the device from which the operation was performed.
View JSON Schema on GitHub

JSON Schema

varonis-datalert-alerted-event-schema.json Raw ↑ 
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://raw.githubusercontent.com/api-evangelist/varonis/refs/heads/main/json-schema/varonis-datalert-alerted-event-schema.json",
  "title": "AlertedEvent",
  "description": "AlertedEvent schema from Varonis DatAlert API",
  "type": "object",
  "properties": {
    "id": {
      "type": "string",
      "description": "Unique identifier for the event."
    },
    "time": {
      "type": "string",
      "format": "date-time",
      "description": "Timestamp when the event occurred."
    },
    "operationType": {
      "type": "string",
      "description": "Type of operation performed such as file access, permission change, or login attempt."
    },
    "sourceAccount": {
      "type": "string",
      "description": "Account that initiated the operation."
    },
    "destinationAccount": {
      "type": "string",
      "description": "Target account affected by the operation."
    },
    "resource": {
      "type": "string",
      "description": "Resource path or name affected by the event."
    },
    "ipAddress": {
      "type": "string",
      "format": "ipv4",
      "description": "IP address from which the operation was performed."
    },
    "ipReputation": {
      "type": "string",
      "description": "Reputation classification of the IP address."
    },
    "country": {
      "type": "string",
      "description": "Country associated with the IP address."
    },
    "state": {
      "type": "string",
      "description": "State or region associated with the IP address."
    },
    "deviceName": {
      "type": "string",
      "description": "Name of the device from which the operation was performed."
    }
  }
}