Health Schema

You can refer to this health schema to configure the payload template for a third-party templated connection.

Schema

JSON

{
  "cid": "string",
  "customer_account_name": "string",
  "deployment_name": "string",
  "exposure_impact": "string",
  "ip_addresses": [
    "string"
  ],
  "remediation_id": "string",
  "report_description": "string",
  "resolution": "string",
  "target_asset_type": "string"
}

Definitions

  • cid (number) – Alert Logic customer account identifier (example: 12345678)

  • customer_account_name (string) – Name of the Alert Logic customer account (example: XYZ Corporation)

  • deployment_name (string) – Name of the deployment that the affected collection asset is in (example: AWS Test Deployment)

  • exposure_impact (string) – Summary of the security impact caused by the health exposure (example: The Alert Logic appliance associated has either stopped or is unable to check in with Alert Logic.)

  • ip_addresses (array) – List of IP addresses impacted by the health exposure (example: 10.0.0.0)

  • remediation_id (string) – Backend identification for the remediation associated with the health exposure (example: appliance_restart_appliance)

  • report_description (string) – Brief description of the health exposure (example: The Alert Logic appliance is offline or unable to reach Alert Logic.)

  • resolution (string) – Resolution actions for the remediation associated with the health exposure (example: Alert Logic recommends you re-enable this appliance.)

  • target_asset_type (string) – Type of collection asset for the notification rule (example: appliance)

    Valid values: agent, appliance, collector

Sample JSON

Alert Logic uses this JSON object to test templated connections with a Health payload type.

JSON

{
  "cid": "12345678",
  "customer_account_name": "XYZ Corporation",
  "deployment_name": "AWS Test Deployment",
  "exposure_impact": "The Alert Logic appliance associated has either stopped or is unable to check in with Alert Logic. Ensure that the host is running and is able to reach Alert Logic",
  "ip_addresses": [
    "10.0.0.0"
  ],
  "remediation_id": "appliance_restart_appliance",
  "report_description": "The Alert Logic appliance is offline or unable to reach Alert Logic.",
  "resolution": "Alert Logic recommends you re-enable this appliance.",
  "target_asset_type": "appliance"
}
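
An endpoint that receives this payload can check it against the schema above before acting on it. The following is an added example, not Alert Logic code: `validate_health_payload` is a hypothetical helper, and treating every field as required and rejecting unknown keys are assumptions of the example.

```python
import ipaddress
import json
import re

# Field names and valid values are from the schema above. Treating every field
# as required and rejecting unknown keys are assumptions of this example.
STRING_FIELDS = ("customer_account_name", "deployment_name", "exposure_impact",
                 "remediation_id", "report_description", "resolution",
                 "target_asset_type")
ALL_FIELDS = set(STRING_FIELDS) | {"cid", "ip_addresses"}
VALID_ASSET_TYPES = {"agent", "appliance", "collector"}


def _is_ip(value):
    # ipaddress.ip_address() also accepts integers, so require a string first.
    if not isinstance(value, str):
        return False
    try:
        ipaddress.ip_address(value)
    except ValueError:
        return False
    return True


def validate_health_payload(raw):
    """Return a list of problems in a JSON health payload (empty if valid)."""
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(doc, dict):
        return ["top-level value must be a JSON object"]
    errors = [f"missing field: {k}" for k in sorted(ALL_FIELDS - set(doc))]
    errors += [f"unexpected field: {k}" for k in sorted(set(doc) - ALL_FIELDS)]
    errors += [f"{k} must be a string" for k in STRING_FIELDS
               if k in doc and not isinstance(doc[k], str)]
    # The schema shows cid as a string and the definition calls it a number,
    # so accept either form as long as it is all digits.
    if "cid" in doc and not re.fullmatch(r"[0-9]+", str(doc["cid"])):
        errors.append("cid must be a numeric account identifier")
    asset = doc.get("target_asset_type")
    if isinstance(asset, str) and asset not in VALID_ASSET_TYPES:
        errors.append("target_asset_type must be agent, appliance or collector")
    ips = doc.get("ip_addresses")
    if "ip_addresses" in doc and not isinstance(ips, list):
        errors.append("ip_addresses must be an array")
    elif isinstance(ips, list):
        errors += [f"not an IP address: {ip!r}" for ip in ips if not _is_ip(ip)]
    return errors
```

Pass the raw request body to `validate_health_payload`; an empty list means the payload matches the schema, as the sample JSON above does.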