Definitions and descriptions for each alert field that can be returned from an alert query. Fields can also be used to query for specific information, such as the inventories associated with an alert. See Get Inventories for Alert for an example cURL statement.

 

Field Name Alert Type Description
acknowledgedAt  All Date and time in epoch format when the alert was acknowledged.
acknowledgeType  All Method used to acknowledge the alert. Valid values are user, suppress, or null. Null means the alert is not yet acknowledged.
alarmId  All Unique numerical identifier for the alert.
asset  All The monitored prefix, IP address, origin, Cloudzone, or CDN.
category  All Category of the alert. See Alert Categories and Types for more information on alert categories.
cdn  CDN Alert Types CDN involved in the alert.
cloudzone  Cloudzone Alert Types Cloudzone involved in the alert.
collectorSet  Performance, Cloudzone, and CDN Alert Types Vantage points identifying the performance, cloudzone, or CDN alert information.
firstEvidenceAt  All Date and time in epoch format when the alert was first detected.
inventories  All Portfolio inventories where the asset involved in this alert is included.
ip  Performance Alert Types IP address involved in the alert.
loweredAt  All Date and time in epoch format when the event causing the alert stopped.
newUpstream  New Upstream Alert Types Alert type raised when a new upstream adjacent AS (peer or provider) is seen announcing a route to your monitored prefixes by at least one of our peers.
origin  Origin Alert Types The observed origin (ASN) at the time of the alert.
peerCount  Routing Alert Types Number of peers observing this alert.
peerList  Routing Alert Types List of peers observing this alert.
prefix  Routing Alert Types The monitored prefix or the prefix leaked by the monitored ASN.
previousOrigin  Origin Alert Types ASN announcing the prefix prior to the event causing the alert.
raisedAt  All Date and time in epoch format when the event was first identified as worth of an alert.
subprefix  Subprefix – Hijack

Unexpected-Subprefix-Activity

Subprefix involved in the alert.
threshold  Performance, Cloudzone, and CDN Alert Types  Measured value on a monitored asset that when crossed triggers the alert.
type  All Same as typeName. It is there for consistency with request parameters (eg. you can query for alerts with ?type=asn-leak). See Alert Categories and Types for more information on alert types.
typeName  All Same as type. Identifies type of alert within the category. Included for backward compatibility. See Alert Categories and Types for more information on alert types.
updatedAt  All Date and time in epoch format of the most recent update about the event.
userName  All User name provided for the API call.
validOrigins  Origin Alert Types The origins that are normally authorized to announce the prefix.