v1.EventAlert Schema

The v1.EventAlert schema is AlphaSOC's proprietary format for security alerts. It captures network security events with essential metadata and contextual information. This schema:

  • Enhances detection with threat categories and contextual intelligence.
  • Provides compact output focused on key event details.
  • Supports automated parsing and integration across security tools.

Here's an example of a finding following the v1.EventAlert schema:

{
  "id": "94a81d5a-26af-569f-a137-f21f22ec6873",
  "eventType": "dns",
  "event": {
    "ts": "2024-08-17T14:27:45.128161624Z",
    "srcIP": "10.14.1.43",
    "srcPort": 51450,
    "query": "00efwukoewpbpwbmkvbefiqbhtccsbhkafydmhvnermqnwipwnuwkm.00.evrl.to",
    "qtype": "A",
    "rcode": ""
  },
  "threats": [
    "multiple_long_hostnames"
  ],
  "wisdom": {
    "flags": [
      "perplexing_host",
      "suspicious_tld",
      "unique"
    ],
    "domain": "evrl.to"
  },
  "detections": [
    {
      "id": "dns_tunnel",
      "key": "evrl.to",
      "severity": 4
    }
  ],
  "mitreAttack": [
  ...
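The following is an added example of consuming a v1.EventAlert finding on the receiving side; it is not AlphaSOC's code. It parses the sample alert above, checks that the top-level fields the sample shows (`id`, `eventType`, `event`) are present, and flattens the finding into a record a SIEM rule can key on (source IP, threats, wisdom flags, highest detection severity). Everything beyond those three fields is treated as optional, and because the page truncates the `mitreAttack` array, the constructed sample leaves it empty and the code passes it through unchanged. The `dns_label_lengths` helper is added enrichment, not AlphaSOC logic: it puts the raw label lengths of the queried name next to the `multiple_long_hostnames` threat so an analyst can see why the finding looks the way it does.

```python
"""Parse an AlphaSOC v1.EventAlert finding into a flat record for downstream tooling.

Added example, not AlphaSOC's code. Only the fields visible in the sample alert
are assumed; the contents of "mitreAttack" are not shown on the page, so it is
treated as an optional list and passed through as-is.
"""
import json
from dataclasses import asdict, dataclass, field
from typing import Any, Dict, List, Optional

# Constructed sample: the finding shown above, with the truncated "mitreAttack"
# array left empty because the page does not show its contents.
SAMPLE_ALERT = """{
  "id": "94a81d5a-26af-569f-a137-f21f22ec6873",
  "eventType": "dns",
  "event": {
    "ts": "2024-08-17T14:27:45.128161624Z",
    "srcIP": "10.14.1.43",
    "srcPort": 51450,
    "query": "00efwukoewpbpwbmkvbefiqbhtccsbhkafydmhvnermqnwipwnuwkm.00.evrl.to",
    "qtype": "A",
    "rcode": ""
  },
  "threats": ["multiple_long_hostnames"],
  "wisdom": {"flags": ["perplexing_host", "suspicious_tld", "unique"], "domain": "evrl.to"},
  "detections": [{"id": "dns_tunnel", "key": "evrl.to", "severity": 4}],
  "mitreAttack": []
}"""

# The three keys every sample on the page carries; everything else is optional.
REQUIRED_TOP_LEVEL = ("id", "eventType", "event")


@dataclass
class FlatAlert:
    """One v1.EventAlert reduced to the fields a correlation rule typically keys on."""
    alert_id: str
    event_type: str
    ts: str
    src_ip: Optional[str]
    src_port: Optional[int]
    query: Optional[str]
    threats: List[str]
    wisdom_flags: List[str]
    wisdom_domain: Optional[str]
    detection_ids: List[str]
    max_severity: Optional[int]
    mitre_attack: List[Any] = field(default_factory=list)


def parse_event_alert(raw: str) -> FlatAlert:
    """Validate the top-level shape of a v1.EventAlert and flatten it.

    Raises ValueError when a required key is missing or 'event' is not an object,
    so malformed input fails loudly instead of producing a half-empty record.
    """
    data = json.loads(raw)
    missing = [k for k in REQUIRED_TOP_LEVEL if k not in data]
    if missing:
        raise ValueError(f"v1.EventAlert missing required field(s): {missing}")
    event = data["event"]
    if not isinstance(event, dict):
        raise ValueError("'event' must be a JSON object")

    wisdom = data.get("wisdom") or {}
    detections = data.get("detections") or []
    # Keep only integer severities so a malformed detection cannot break max().
    severities = [d["severity"] for d in detections if isinstance(d.get("severity"), int)]

    return FlatAlert(
        alert_id=data["id"],
        event_type=data["eventType"],
        ts=event.get("ts", ""),
        src_ip=event.get("srcIP"),
        src_port=event.get("srcPort"),
        query=event.get("query"),
        threats=list(data.get("threats") or []),
        wisdom_flags=list(wisdom.get("flags") or []),
        wisdom_domain=wisdom.get("domain"),
        detection_ids=[d["id"] for d in detections if "id" in d],
        max_severity=max(severities) if severities else None,
        mitre_attack=list(data.get("mitreAttack") or []),
    )


def dns_label_lengths(query: str) -> List[int]:
    """Length of each DNS label in the queried name (added enrichment, not AlphaSOC logic)."""
    return [len(label) for label in query.rstrip(".").split(".") if label]


def to_siem_record(alert: FlatAlert) -> Dict[str, Any]:
    """Serialize the flattened alert as a plain dict, e.g. for JSON-lines ingestion."""
    record = asdict(alert)
    if alert.query:
        record["dns_label_lengths"] = dns_label_lengths(alert.query)
    return record


if __name__ == "__main__":
    print(json.dumps(to_siem_record(parse_event_alert(SAMPLE_ALERT)), indent=2))
```

Running the module prints the flattened record for the sample; in a pipeline you would call `parse_event_alert` on each finding and forward `to_siem_record(...)` to the log store, letting the `ValueError` path route malformed alerts to a dead-letter queue rather than silently dropping fields.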