Cybersecurity Events

System Event

Details of the System Generated Event.

feature will be Unusual Data Activity
type will be System Event
category will be EVENT
syslogSeverity for System Event will be 4 or 6

category string

The category of the event. The possible values are: EVENT AUDIT ALERT.

details object

Properties

alertTime string

Time at which the event was generated.

resourceID string

Unique ID of the resource for which the event is generated.

error_reason string

Reason for the error.

resourceName string

Name of the resource for which the event is generated.

resourceType string

Type of the resource for which the event is generated.

affectedSnapshot string

Snapshot ID of the affected snapshot.

resourceParentID string

Parent ID of the resource for which the event is generated.

resourceParentName string

Parent name of the resource for which the event is generated.

feature string

Type of the entity for which the event has happened.

globalID string

Represents the global ID of the customer or MSP.

timeStamp integer

The epoch representation of the time at which the event occurred.

syslogFacility integer

Syslog standard of defining the event origin/type.

syslogSeverity integer

SyslogSeverity represents the severity(0-7) of the event.

type string

Type of the event. For example, 'SystemEvent' or 'UserRestore'. This event's title is its type.

Alert

Details of the Alert Event.

feature will be Alerts And Notifications
type will be Alert
category will be EVENT
syslogSeverity for Alert Event will be 3, 4 or 6

category string

The category of the event. The possible values are: EVENT AUDIT ALERT.

details object

Properties

alertName string

Name of the alert. The possible values are: Unusual Data Activity.

udaType array

Type of the UDA operation.

alertTime string

Time at which the operation was performed.

resourceID string

Unique ID of the resource for which the operation was performed.

resourceName string

Name of the resource for which the operation was performed.

resourceType string

Type of the resource for which the operation was performed.

resourceParentID string

Parent ID of the resource for which the operation was performed.

resourceParentName string

Parent name of the resource for which the operation was performed.

EncryptionReason string

Reason for the encryption.

affectedSnapshot string

Snapshot timestamp of the affected snapshot

fileInfo object

Properties

newFiles integer

Number of new files.

updatedFiles integer

Number of updated files.

deletedFiles integer

Number of deleted files.

encryptedFiles integer

Number of encrypted files.

Or

Properties

alertName string

Name of the alert. The possible values are: Admin Login Event - New Location.

location string

Location from where the admin logged in.

adminName string

Name of the admin who logged in.

adminLoginTime string

Time at which the admin logged in.

adminEmail string

Email of the admin who logged in.

loginResult string

Result of the login operation. The possible values are: Success Failure.

adminIPAddress string

IP address of the admin who logged in.

Or

Properties

alertName string

Name of the alert. The possible values are: Data Access Alert - New Location.

dataAccessType string

Type of the data access. The possible values are: User Download User Restore Admin Download Admin Restore.

files integer

Number of files restored.

size integer

Size of the data restored.

status string

Status of the restore operation. The possible values are: Successful Failed.

startTime string

Time at which the restore operation started.

endTime string

Time at which the restore operation ended.

resourceID string

Unique ID of the resource for which the event is generated.

resourceName string

Name of the resource for which the event is generated.

targetIP string

IP address of the target machine where the data is restored.

targetLocation string

Location of the target machine where the data is restored.

initiatorName string

Name of the user who initiated the restore operation.

feature string

Type of the entity for which the event has happened.

globalID string

Represents the global ID of the customer or MSP.

timeStamp integer

The epoch representation of the time at which the event occurred.

syslogFacility integer

Syslog standard of defining the event origin/type.

syslogSeverity integer

SyslogSeverity represents the severity(0-7) of the event.

type string

Type of the event. For example, 'SystemEvent' or 'UserRestore'. This event's title is its type.

User Restore

Details of the User Restore Event.

feature will be Data Access
type will be User Restore
category will be EVENT
syslogSeverity for User Restore Event will be 4

category string

The category of the event. The possible values are: EVENT AUDIT ALERT.

details object

Properties

files integer

Number of files restored.

size integer

Size of the data restored.

status string

Status of the restore operation. The possible values are: Successful Failed.

startTime string

Time at which the restore operation started.

endTime string

Time at which the restore operation ended.

resourceID string

Unique ID of the resource for which the event is generated.

resourceName string

Name of the resource for which the event is generated.

targetIP string

IP address of the target machine where the data is restored.

targetLocation string

Location of the target machine where the data is restored.

initiatorName string

Name of the user who initiated the restore operation.

feature string

Type of the entity for which the event has happened.

globalID string

Represents the global ID of the customer or MSP.

timeStamp integer

The epoch representation of the time at which the event occurred.

syslogFacility integer

Syslog standard of defining the event origin/type.

syslogSeverity integer

SyslogSeverity represents the severity(0-7) of the event.

type string

Type of the event. For example, 'SystemEvent' or 'UserRestore'. This event's title is its type.

Admin Download

Details of the Admin Download Event.

feature will be Data Access
type will be Admin Download
category will be EVENT
syslogSeverity for Admin Download Event will be 4

category string

The category of the event. The possible values are: EVENT AUDIT ALERT.

details object

Properties

files integer

Number of files downloaded.

size integer

Size of the data downloaded.

status string

Status of the download operation. The possible values are: Successful Failed.

startTime string

Time at which the download operation started.

endTime string

Time at which the download operation ended.

resourceID string

Unique ID of the resource for which the event is generated.

resourceName string

Name of the resource for which the event is generated.

targetIP string

IP address of the target machine where the data is downloaded.

targetLocation string

Location of the target machine where the data is downloaded.

initiatorName string

Name of the user who initiated the download operation.

feature string

Type of the entity for which the event has happened.

globalID string

Represents the global ID of the customer or MSP.

timeStamp integer

The epoch representation of the time at which the event occurred.

syslogFacility integer

Syslog standard of defining the event origin/type.

syslogSeverity integer

SyslogSeverity represents the severity(0-7) of the event.

type string

Type of the event. For example, 'SystemEvent' or 'UserRestore'. This event's title is its type.

Admin Restore

Details of the Admin Restore Event.

feature will be Data Access
type will be Admin Restore
category will be EVENT
syslogSeverity for Admin Restore Event will be 4

category string

The category of the event. The possible values are: EVENT AUDIT ALERT.

details object

Properties

files integer

Number of files restored.

size integer

Size of the data restored.

status string

Status of the restore operation. The possible values are: Successful Failed.

startTime string

Time at which the restore operation started.

endTime string

Time at which the restore operation ended.

resourceID string

Unique ID of the resource for which the event is generated.

resourceName string

Name of the resource for which the event is generated.

targetIP string

IP address of the target machine where the data is restored.

targetLocation string

Location of the target machine where the data is restored.

initiatorName string

Name of the user who initiated the restore operation.

feature string

Type of the entity for which the event has happened.

globalID string

Represents the global ID of the customer or MSP.

timeStamp integer

The epoch representation of the time at which the event occurred.

syslogFacility integer

Syslog standard of defining the event origin/type.

syslogSeverity integer

SyslogSeverity represents the severity(0-7) of the event.

type string

Type of the event. For example, 'SystemEvent' or 'UserRestore'. This event's title is its type.

User Download

Details of the User Download Event.

feature will be Data Access
type will be User Download
category will be EVENT
syslogSeverity for User Download Event will be 4

category string

The category of the event. The possible values are: EVENT AUDIT ALERT.

details object

Properties

files integer

Number of files downloaded.

size integer

Size of the data downloaded.

status string

Status of the download operation. The possible values are: Successful Failed.

startTime string

Time at which the download operation started.

endTime string

Time at which the download operation ended.

resourceID string

Unique ID of the resource for which the event is generated.

resourceName string

Name of the resource for which the event is generated.

targetIP string

IP address of the target machine where the data is downloaded.

targetLocation string

Location of the target machine where the data is downloaded.

initiatorName string

Name of the user who initiated the download operation.

feature string

Type of the entity for which the event has happened.

globalID string

Represents the global ID of the customer or MSP.

timeStamp integer

The epoch representation of the time at which the event occurred.

syslogFacility integer

Syslog standard of defining the event origin/type.

syslogSeverity integer

SyslogSeverity represents the severity(0-7) of the event.

type string

Type of the event. For example, 'SystemEvent' or 'UserRestore'. This event's title is its type.

API Restore

Details of the API Restore Event.

feature will be Data Access
type will be API Restore
category will be EVENT
syslogSeverity for API Restore Event will be 4

category string

The category of the event. The possible values are: EVENT AUDIT ALERT.

details object

Properties

files integer

Number of files restored.

size integer

Size of the data restored.

status string

Status of the restore operation. The possible values are: Successful Failed.

startTime string

Time at which the restore operation started.

endTime string

Time at which the restore operation ended.

resourceID string

Unique ID of the resource for which the event is generated.

resourceName string

Name of the resource for which the event is generated.

targetIP string

IP address of the target machine where the data is restored.

targetLocation string

Location of the target machine where the data is restored.

initiatorName string

Name of the user who initiated the restore operation.

feature string

Type of the entity for which the event has happened.

globalID string

Represents the global ID of the customer or MSP.

timeStamp integer

The epoch representation of the time at which the event occurred.

syslogFacility integer

Syslog standard of defining the event origin/type.

syslogSeverity integer

SyslogSeverity represents the severity(0-7) of the event.

type string

Type of the event. For example, 'SystemEvent' or 'UserRestore'. This event's title is its type.

Malicious File Scan

Details of the Malicious File Scan Event.

feature will be Admin Event
type will be Malicious File Scan
category will be EVENT
syslogSeverity for Malicious File Scan Event will be 1

category string

The category of the event. The possible values are: EVENT AUDIT ALERT.

details object

Properties

ScanJobID string

Unique ID of the scan job.

JobType string

Type of the job.

Activity string

Activity of the job. The possible values are: Job Created Job Completed.

StartTime string

Time at which the job started.

EndTime string

Time at which the job ended for the Job Completed activity.

JobCreatedBy string

Name / Email of the user who created the job.

ProductJobID integer

Product generated unique ID of the job.

ResourceName string

Name of the resource for which the job was created.

ResourceType string

Type of the resource for which the job was created.

ResourceParent string

Parent of the resource for which the job was created.

FilesBlocked integer

Number of files blocked for the Job Completed activity.

FilesScanned integer

Number of files scanned for the Job Completed activity.

FilesScanSkipped integer

Number of files skipped for scanning for the Job Completed activity.

FilesSelectedForRestore integer

Number of files selected for restore for the Job Completed activity.

feature string

Type of the entity for which the event has happened.

globalID string

Represents the global ID of the customer or MSP.

timeStamp integer

The epoch representation of the time at which the event occurred.

syslogFacility integer

Syslog standard of defining the event origin/type.

syslogSeverity integer

SyslogSeverity represents the severity(0-7) of the event.

type string

Type of the event. For example, 'SystemEvent' or 'UserRestore'. This event's title is its type.

Curated Snapshot

Details of the Curated Snapshot Event.

feature will be Admin Event
type will be Curated Snapshot
category will be EVENT
syslogSeverity for Curated Snapshot Event will be 1

category string

The category of the event. The possible values are: EVENT AUDIT ALERT.

details object

Properties

SSJobID integer

Unique ID of the snapshot job.

ScanJobID string

Unique ID of the scan job.

SnapshotID string

Unique ID of the snapshot which contains the timestamp.

Activity string

Activity of the snapshot job. The possible values are: Curated snapshot created Curated snapshot creation started.

StartTime string

Time at which the snapshot job started.

Expiry string

Time at which the snapshot will expire.

JobCreatedBy string

Name / Email of the user who created the snapshot job.

FilesBlocked integer

Number of files blocked for the snapshot job.

FilesExcluded integer

Number of files excluded for the snapshot job.

FilesIncluded integer

Number of files included for the snapshot job.

FilesScanedSkipped integer

Number of files skipped for scanning for the snapshot job.

ResourceName string

Name of the resource for which the snapshot job was created.

ResourceType string

Type of the resource for which the snapshot job was created.

ResourceParent string

Parent of the resource for which the snapshot job was created.

SSRangeStartDate string

Start date of the snapshot range.

SSRangeEndDate string

End date of the snapshot range.

JobType string

Type of the snapshot job.

CreatedBy string

Name of the user who created the snapshot job. This field comes for the activity **Curated snapshot created**.

feature string

Type of the entity for which the event has happened.

globalID string

Represents the global ID of the customer or MSP.

timeStamp integer

The epoch representation of the time at which the event occurred.

syslogFacility integer

Syslog standard of defining the event origin/type.

syslogSeverity integer

SyslogSeverity represents the severity(0-7) of the event.

type string

Type of the event. For example, 'SystemEvent' or 'UserRestore'. This event's title is its type.

Admin Audit Trail

Details of the Admin Audit Trail Event.

feature will be Unusual Data Activity
type will be Admin Audit Trail
category will be EVENT
syslogSeverity for Admin Audit Trail Event will be 6

category string

The category of the event. The possible values are: EVENT AUDIT ALERT.

details object

Properties

udaType array

Type of the UDA operation.

adminName string

Name of the admin who performed the operation.

alertTime string

Time at which the operation was performed.

resourceID string

Unique ID of the resource for which the operation was performed.

resourceName string

Name of the resource for which the operation was performed.

resourceType string

Type of the resource for which the operation was performed.

resourceParentID string

Parent ID of the resource for which the operation was performed.

resourceParentName string

Parent name of the resource for which the operation was performed.

adminActivity string

Activity performed by the admin. The possible values are: Unusual Data Activity - Download logs Unusual Data Activity - Ignore Alert.

affectedSnapshot string

Snapshot timestamp of the affected snapshot

fileInfo object

Properties

newFiles integer

Number of new files.

updatedFiles integer

Number of updated files.

deletedFiles integer

Number of deleted files.

encryptedFiles integer

Number of encrypted files.

feature string

Type of the entity for which the event has happened.

globalID string

Represents the global ID of the customer or MSP.

timeStamp integer

The epoch representation of the time at which the event occurred.

syslogFacility integer

Syslog standard of defining the event origin/type.

syslogSeverity integer

SyslogSeverity represents the severity(0-7) of the event.

type string

Type of the event. For example, 'SystemEvent' or 'UserRestore'. This event's title is its type.

Admin Login

Details of the Admin Login Event.

feature will be Admin Event
type will be Admin Login
category will be EVENT
syslogSeverity for Admin Login Event will be 3 or 6

category string

The category of the event. The possible values are: EVENT AUDIT ALERT.

details object

Properties

location string

Location from where the admin logged in.

adminLoginTime string

Time at which the admin logged in.

adminName string

Name of the admin who logged in.

adminEmail string

Email of the admin who logged in.

loginResult string

Result of the login operation. The possible values are: Success Failure.

adminActivity string

Activity performed by the admin. The possible values are: Admin Login Event.

adminIPAddress string

IP address of the admin who logged in.

feature string

Type of the entity for which the event has happened.

globalID string

Represents the global ID of the customer or MSP.

timeStamp integer

The epoch representation of the time at which the event occurred.

syslogFacility integer

Syslog standard of defining the event origin/type.

syslogSeverity integer

SyslogSeverity represents the severity(0-7) of the event.

type string

Type of the event. For example, 'SystemEvent' or 'UserRestore'. This event's title is its type.

Scan Settings Updated

Details of the Scan Settings Updated Event.

feature will be Admin Event
type will be Scan Settings Updated
category will be EVENT
syslogSeverity for Scan Settings Updated Event will be 6

category string

The category of the event. The possible values are: EVENT AUDIT ALERT.

details object

Properties

Successful boolean

Indicates if the operation was successful.

AVScanEnabled boolean

Indicates if the AV scan is enabled.

FileHashScanEnabled boolean

Indicates if the file hash scan is enabled.

UseDruvaCuratedIOCs boolean

Indicates if the Druva curated IOCs are used.

SkipScanForDeviceReplace boolean

Indicates if the scan is skipped for device replacement.

AllowAdminToSkipScanServers boolean

Indicates if the admin is allowed to skip the scan for servers.

AllowUserToSkipScanEndpoints boolean

Indicates if the user is allowed to skip the scan for endpoints.

AllowAdminToSkipScanEndpoints boolean

Indicates if the admin is allowed to skip the scan for endpoints.

feature string

Type of the entity for which the event has happened.

globalID string

Represents the global ID of the customer or MSP.

timeStamp integer

The epoch representation of the time at which the event occurred.

syslogFacility integer

Syslog standard of defining the event origin/type.

syslogSeverity integer

SyslogSeverity represents the severity(0-7) of the event.

type string

Type of the event. For example, 'SystemEvent' or 'UserRestore'. This event's title is its type.

Quarantine Ranges Updated

Details of the Quarantine Ranges Updated Event.

feature will be Ransomware Recovery
type will be Quarantine Ranges Updated
category will be EVENT
syslogSeverity for Quarantine Ranges Updated Event will be 0

category string

The category of the event. The possible values are: EVENT AUDIT ALERT.

details object

Properties

mode string

Mode of the quarantine range. The possible values are: Admin Portal API.

note string

Note for the quarantine range.

orgID integer

Unique ID of the organization.

state string

State of the quarantine range. The possible values are: Success Failure.

action string

Action performed on the quarantine range. The possible values are: Update Ranges.

ipAddress string

IP address of the machine.

initiatorID string

Name / Email of the initiator.

resourceID integer

Unique ID of the resource for which the event is generated.

resourceName string

Name of the resource for which the event is generated.

resourceType string

Type of the resource for which the event is generated.

resourceParent string

Parent of the resource for which the event is generated.

resourcePlatform string

Platform of the resource for which the event is generated.

effectiveDateRanges object

Properties

startTime string

Start time of the effective / delete date range.

endTime string

End time of the effective / delete date range.

feature string

Type of the entity for which the event has happened.

globalID string

Represents the global ID of the customer or MSP.

timeStamp integer

The epoch representation of the time at which the event occurred.

syslogFacility integer

Syslog standard of defining the event origin/type.

syslogSeverity integer

SyslogSeverity represents the severity(0-7) of the event.

type string

Type of the event. For example, 'SystemEvent' or 'UserRestore'. This event's title is its type.

Quarantine Ranges Created

Details of the Quarantine Ranges Created.

feature will be Ransomware Recovery
type will be Quarantine Ranges Created
category will be EVENT
syslogSeverity for Quarantine Ranges Created will be 0

category string

The category of the event. The possible values are: EVENT AUDIT ALERT.

details object

Properties

mode string

Mode of the quarantine event. The possible values are: Admin Portal API.

note string

Note for the quarantine range.

orgID integer

Unique ID of the organization.

state string

State of the quarantine range. The possible values are: Success Failure.

action string

Action performed on the quarantine range. The possible values are: Create Range Delete Range.

ipAddress string

IP address of the machine.

initiatorID string

Name / Email of the initiator.

resourceID integer

Unique ID of the resource for which the event is generated.

resourceName string

Name of the resource for which the event is generated.

resourceType string

Type of the resource for which the event is generated.

resourceParent string

Parent of the resource for which the event is generated.

resourcePlatform string

Platform of the resource for which the event is generated.

rangeStartTime string

Start time of the quarantine range.

rangeEndTime string

End time of the quarantine range.

feature string

Type of the entity for which the event has happened.

globalID string

Represents the global ID of the customer or MSP.

timeStamp integer

The epoch representation of the time at which the event occurred.

syslogFacility integer

Syslog standard of defining the event origin/type.

syslogSeverity integer

SyslogSeverity represents the severity(0-7) of the event.

type string

Type of the event. For example, 'SystemEvent' or 'UserRestore'. This event's title is its type.

Quarantine Ranges Deleted

Details of the Quarantine Ranges Deleted.

feature will be Ransomware Recovery
type will be Quarantine Ranges Deleted
category will be EVENT
syslogSeverity for Quarantine Ranges Deleted will be 0

category string

The category of the event. The possible values are: EVENT AUDIT ALERT.

details object

Properties

mode string

Mode of the quarantine event. The possible values are: Admin Portal API.

note string

Note for the quarantine range.

orgID integer

Unique ID of the organization.

state string

State of the quarantine range. The possible values are: Success Failure.

action string

Action performed on the quarantine range. The possible values are: Create Range Delete Range.

ipAddress string

IP address of the machine.

initiatorID string

Name / Email of the initiator.

resourceID integer

Unique ID of the resource for which the event is generated.

resourceName string

Name of the resource for which the event is generated.

resourceType string

Type of the resource for which the event is generated.

resourceParent string

Parent of the resource for which the event is generated.

resourcePlatform string

Platform of the resource for which the event is generated.

rangeStartTime string

Start time of the quarantine range.

rangeEndTime string

End time of the quarantine range.

feature string

Type of the entity for which the event has happened.

globalID string

Represents the global ID of the customer or MSP.

timeStamp integer

The epoch representation of the time at which the event occurred.

syslogFacility integer

Syslog standard of defining the event origin/type.

syslogSeverity integer

SyslogSeverity represents the severity(0-7) of the event.

type string

Type of the event. For example, 'SystemEvent' or 'UserRestore'. This event's title is its type.

Removed From Quarantine Bay

Details of the Removed From Quarantine Bay.

feature will be Ransomware Recovery
type will be Removed From Quarantine Bay
category will be EVENT
syslogSeverity for Removed From Quarantine Bay will be 0

category string

The category of the event. The possible values are: EVENT AUDIT ALERT.

details object

Properties

mode string

Mode of the quarantine event. The possible values are: Admin Portal API.

note string

Note for the quarantine range.

orgID integer

Unique ID of the organization.

state string

State of the quarantine range. The possible values are: Success Failure.

action string

Action performed on the quarantine range. The possible values are: Delete Ranges.

ipAddress string

IP address of the machine.

initiatorID string

Name / Email of the initiator.

resourceID integer

Unique ID of the resource for which the event is generated.

resourceName string

Name of the resource for which the event is generated.

resourceType string

Type of the resource for which the event is generated.

resourceParent string

Parent of the resource for which the event is generated.

resourcePlatform string

Platform of the resource for which the event is generated.

deletedDateRanges object

Properties

startTime string

Start time of the effective / delete date range.

endTime string

End time of the effective / delete date range.

feature string

Type of the entity for which the event has happened.

globalID string

Represents the global ID of the customer or MSP.

timeStamp integer

The epoch representation of the time at which the event occurred.

syslogFacility integer

Syslog standard of defining the event origin/type.

syslogSeverity integer

SyslogSeverity represents the severity(0-7) of the event.

type string

Type of the event. For example, 'SystemEvent' or 'UserRestore'. This event's title is its type.

Added To Quarantine Bay

Details of the Added To Quarantine Bay.

feature will be Ransomware Recovery
type will be Added To Quarantine Bay
category will be EVENT
syslogSeverity for Added To Quarantine Bay will be 0

category string

The category of the event. The possible values are: EVENT AUDIT ALERT.

details object

Properties

mode string

Mode of the quarantine event. The possible values are: Admin Portal API.

note string

Note for the quarantine range.

orgID integer

Unique ID of the organization.

state string

State of the quarantine range. The possible values are: Success Failure.

action string

Action performed on the quarantine range. The possible values are: Create Ranges.

ipAddress string

IP address of the machine.

initiatorID string

Name / Email of the initiator.

resourceID integer

Unique ID of the resource for which the event is generated.

resourceName string

Name of the resource for which the event is generated.

resourceType string

Type of the resource for which the event is generated.

resourceParent string

Parent of the resource for which the event is generated.

resourcePlatform string

Platform of the resource for which the event is generated.

effectiveDateRanges object

Properties

startTime string

Start time of the effective / delete date range.

endTime string

End time of the effective / delete date range.

feature string

Type of the entity for which the event has happened.

globalID string

Represents the global ID of the customer or MSP.

timeStamp integer

The epoch representation of the time at which the event occurred.

syslogFacility integer

Syslog standard of defining the event origin/type.

syslogSeverity integer

SyslogSeverity represents the severity(0-7) of the event.

type string

Type of the event. For example, 'SystemEvent' or 'UserRestore'. This event's title is its type.

Cybersecurity Events

About Druva Cloud Platform Events API

Supported events