TQL Fields For USP Alerts
The following fields are available via TQL.
All Fields
Field Name | Description | Values / Format |
---|---|---|
allDevices | The alert applies to all devices | true, false |
allUsps | The alert applies to all USPs | true, false |
description | Alert description | String |
device.name | A device name selected for the alert | String |
disabled | The alert is disabled | true, false |
domain.name | The name of the domain to which the device has been assigned | String |
externalRecipients.email | List of email addresses that will receive the alert | String |
name | Alert name | String |
recipients.name | List of TOS Aurora users that will receive the alert | String |
violationSeverities | One or more severities to trigger the alert | CRITICAL, HIGH, MEDIUM, LOW |
syslogEnabled | The alert will be sent to syslog | true, false |
timeCreated | Date alert created | YYYY-MM-DD |
timeLastModified | Date alert last modified | YYYY-MM-DD |
usp.name | USP name | String |
Sort Fields
Fields that can be used with the 'order by' operator.
- name
- timeLastModified
- timeCreated
Query Examples
- Review critical and high alerts for a specific USP matrix in the organization: search for alert severities on all devices and by USP name.
violationSeverities in ('CRITICAL', 'HIGH') and allDevices = true and usp.name = 'PCI matrix'