ActivityRule
Alerts from Google Workspace Security Center rules service configured by an admin.
JSON representation

```
{
  "name": string,
  "displayName": string,
  "description": string,
  "windowSize": string,
  "threshold": string,
  "createTime": string,
  "updateTime": string,
  "triggerSource": string,
  "supersededAlerts": [
    string
  ],
  "supersedingAlert": string,
  "actionNames": [
    string
  ],
  "query": string
}
```
Fields

| Field | Type | Description |
|---|---|---|
| `name` | string | Rule name. |
| `displayName` | string | Alert display name. |
| `description` | string | Description of the rule. |
| `windowSize` | string (Duration format) | Rule window size. Possible values are 1 hour or 24 hours. |
| `threshold` | string | Alert threshold, for example “COUNT > 5”. |
| `createTime` | string (Timestamp format) | Rule create timestamp. |
| `updateTime` | string (Timestamp format) | The timestamp of the last update to the rule. |
| `triggerSource` | string | The trigger sources for this rule: GMAIL_EVENTS, DEVICE_EVENTS, USER_EVENTS. |
| `supersededAlerts[]` | string | List of alert IDs superseded by this alert. It indicates that this alert is essentially an extension of the superseded alerts and that the relationship was found after those alerts were created. |
| `supersedingAlert` | string | ID of the alert superseding this alert. It indicates that the superseding alert is essentially an extension of this alert and that the relationship was found after both alerts were created. |
| `actionNames[]` | string | List of action names associated with the rule threshold. |
| `query` | string | Query that is used to get the data from the associated source. |
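The following is an added example, not part of the original reference page or Google's code: one way to check an ActivityRule payload against the values this page documents and to collapse superseded alerts onto the alert that supersedes them. It assumes payloads are keyed by alert ID (the sample IDs are constructed) and that `windowSize` arrives in the protobuf JSON Duration form, such as "3600s".

```python
import re
from datetime import timedelta

ALLOWED_WINDOWS = {timedelta(hours=1), timedelta(hours=24)}  # per this page
TRIGGER_SOURCES = {"GMAIL_EVENTS", "DEVICE_EVENTS", "USER_EVENTS"}  # per this page

def parse_duration(value):
    """Parse a protobuf JSON Duration string such as "3600s"."""
    if not re.fullmatch(r"\d+(\.\d{1,9})?s", value or ""):
        raise ValueError(f"not a Duration string: {value!r}")
    return timedelta(seconds=float(value[:-1]))

def rule_problems(rule):
    """Return the ways a rule deviates from the documented field values."""
    problems = []
    try:
        if parse_duration(rule.get("windowSize")) not in ALLOWED_WINDOWS:
            problems.append("windowSize is not 1 hour or 24 hours")
    except ValueError as exc:
        problems.append(str(exc))
    if rule.get("triggerSource") not in TRIGGER_SOURCES:
        problems.append("unknown triggerSource")
    return problems

def group_by_head(alerts):
    """Map each final (non-superseded) alert ID to the alert IDs it extends."""
    parent = {}
    for alert_id, rule in alerts.items():
        if rule.get("supersedingAlert"):
            parent[alert_id] = rule["supersedingAlert"]
        for old in rule.get("supersededAlerts", []):
            parent.setdefault(old, alert_id)
    groups = {}
    for alert_id in alerts:
        head, seen = alert_id, {alert_id}
        while head in parent and parent[head] not in seen:  # stop on cycles
            head = parent[head]
            seen.add(head)
        groups.setdefault(head, [])
        if head != alert_id:
            groups[head].append(alert_id)
    return groups

SAMPLE = {  # constructed: alert ID -> ActivityRule payload, IDs are made up
    "a1": {"windowSize": "3600s", "triggerSource": "GMAIL_EVENTS", "supersedingAlert": "a2"},
    "a2": {"windowSize": "86400s", "triggerSource": "GMAIL_EVENTS", "supersededAlerts": ["a1"], "supersedingAlert": "a3"},
    "a3": {"windowSize": "86400s", "triggerSource": "GMAIL_EVENTS", "supersededAlerts": ["a2"]},
    "b1": {"windowSize": "7200s", "triggerSource": "DRIVE_EVENTS"},
}
```

Triage can then work from the keys of `group_by_head(SAMPLE)` only, treating each listed member as earlier evidence for the same alert rather than as a separate case.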
Last updated 2025-03-25 UTC.