ALERT_DETAILS_V View
This view provides detailed W5 information (such as process and machine details) about generated events (alerts).
When Lacework generates an event (alert), it returns a row in the Alert_DETAILS_V view with information about the event.
Each row contains file information as listed in the columns.
| Column Name | Data Type | Description |
|---|---|---|
| START_TIME | Timestamp | The time and date when the hourly aggregation time period starts. |
| END_TIME | Timestamp | The time and date when the hourly aggregation time period ends. |
| EVENT_TYPE | Text | The type/title of the alert. |
| EVENT_ID | Number | The unique identifier generated for this Event by Lacework. |
| EVENT_MODEL | Text | The data model used for generating the alert. |
| EVENT_ACTOR | Text | The event actor that categorizes the type of an alert such as application, process, files, etc. |
| ENTITY_MAP | JSON Object | The entity map lists all the entities of the alert which are further classified in KEYS AND PROPS. |
The ALERT_DETAILS_V view does not currently include agent alerts. This feature will be added in an upcoming platform release.