On This Page
TQL Fields For USP Alerts
The following fields are available via TQL.
All Fields
| Field Name | Description | Values / Format |
|---|---|---|
|
allDevices |
The alert applies to all devices | true, false |
|
allUsps |
The alert applies to all USPs | true, false |
|
description |
Alert description | String |
|
device.name |
A device name selected for the alert | String |
|
disabled |
The alert is disabled | true, false |
|
domain.name |
The name of the domain to which the device has been assigned |
String |
|
externalRecipients.email |
List of email addresses that will receive the alert | String |
| name | Alert name | String |
|
recipients.name |
List of TOS Aurora users that will receive the alert | String |
|
violationSeverities |
One or more severities to trigger the alert | CRITICAL, HIGH, MEDIUM, LOW |
|
syslogEnabled |
The alert will be sent to syslog | true, false |
|
timeCreated |
Date alert created | YYYY-MM-DD |
|
timeLastModified |
Date alert last modified | YYYY-MM-DD |
|
usp.name |
USP name | String |
Sort Fields
Fields than can be used with the 'order by' operator.
- name
- timeLastModified
-
timeCreated
Query Examples
-
Review critical and high alerts for a specific USP matrix in the organization - search for alerts severities on all devices and USP name.
violationSeverities in ('CRITICAL', 'HIGH') and allDevices = true and usp.name = 'PCI matrix'
