TQL Fields For USP Alerts

The following fields are available via TQL.

All Fields

| Field Name | Description | Values / Format |
|---|---|---|
| allDevices | The alert applies to all devices | true, false |
| allUsps | The alert applies to all USPs | true, false |
| description | Alert description | String |
| device.name | A device name selected for the alert | String |
| disabled | The alert is disabled | true, false |
| domain.name | The name of the domain to which the device has been assigned | String |
| externalRecipients.email | List of email addresses that will receive the alert | String |
| name | Alert name | String |
| recipients.name | List of TOS Aurora users that will receive the alert | String |
| violationSeverities | One or more severities to trigger the alert | CRITICAL, HIGH, MEDIUM, LOW |
| syslogEnabled | The alert will be sent to syslog | true, false |
| timeCreated | Date alert created | YYYY-MM-DD |
| timeLastModified | Date alert last modified | YYYY-MM-DD |
| usp.name | USP name | String |

Sort Fields

Fields that can be used with the 'order by' operator.

  • name
  • timeLastModified
  • timeCreated

Query Examples

  • Review critical and high alerts for a specific USP matrix in the organization: search by alert severities, all devices, and USP name.

    violationSeverities in ('CRITICAL', 'HIGH') and allDevices = true and usp.name = 'PCI matrix'