Entry holds a single entry in an investigation. Entries entered within a short amount of time by the same user are combined
|
IndicatorTimeline
optional
|
array[IndicatorTimelineFromEntry] | |
|
InstanceID
optional
|
String
|
|
|
Relationships
optional
|
array[RelationshipAPI] | |
|
ShardID
optional
|
Long
|
format: int64 |
|
allRead
optional
|
Boolean
|
|
|
allReadWrite
optional
|
Boolean
|
|
|
apiExecutionMetrics
optional
|
array[APIExecutionMetric] | |
|
brand
optional
|
String
|
|
|
cacheVersn
optional
|
Long
|
format: int64 |
|
category
optional
|
String
|
|
|
contents
optional
|
Object
|
The contents of the entry that is actually indexed - should not be used |
|
contentsSize
optional
|
Long
|
ContentsSize the total size of the contents format: int64 |
|
created
optional
|
Date
|
format: date-time |
|
cron
optional
|
String
|
|
|
cronView
optional
|
Boolean
|
|
|
dbotCreatedBy
optional
|
String
|
Who has created this event - relevant only for manual incidents |
|
deleted
optional
|
Boolean
|
|
|
deletedBy
optional
|
String
|
|
|
deletedFromFS
optional
|
Boolean
|
|
|
endingDate
optional
|
Date
|
format: date-time |
|
endingType
optional
|
String
|
EndingType holds the type of schedule Ending |
|
entryTask
optional
|
EntryTask | |
|
errorSource
optional
|
String
|
Source of the error |
|
file
optional
|
String
|
Filename of associated content |
|
fileID
optional
|
String
|
FileID is the file name when saved in the server |
|
fileMetadata
optional
|
FileMetadata | |
|
format
optional
|
String
|
Holds information on how content is formatted |
|
hasRole
optional
|
Boolean
|
Internal field to make queries on role faster |
|
highlight
optional
|
map[String, array[String]]
|
|
|
history
optional
|
array[EntryHistory] | Edit history |
|
humanCron
optional
|
HumanCron | |
|
id
optional
|
String
|
|
|
incidentCreationTime
optional
|
Date
|
store the entry based on IncidentCreationTime format: date-time |
|
indexName
optional
|
String
|
|
|
instance
optional
|
String
|
|
|
investigationId
optional
|
String
|
The id of the investigation it belongs to |
|
isTodo
optional
|
Boolean
|
IsTodo |
|
mirrored
optional
|
Boolean
|
Only used for outbound mirroring to mark that it is already mirrored to remote system |
|
modified
optional
|
Date
|
format: date-time |
|
note
optional
|
Boolean
|
Note |
|
numericId
optional
|
Long
|
format: int64 |
|
parentContent
optional
|
Object
|
ParentEntry content - for reference |
|
parentEntryTruncated
optional
|
Boolean
|
ParentEntryTruncated - indicates weather entry content was truncated |
|
parentId
optional
|
String
|
ParentId is the ID of the parent entry |
|
pinned
optional
|
Boolean
|
Mark entry as pinned = evidence |
|
playbookId
optional
|
String
|
PlaybookID - if the entry is assigned as note to a playbook task, it will hold the playbook |
|
polling
optional
|
Boolean
|
Only used for polling entries |
|
pollingArgs
optional
|
map[String, Object]
|
ModuleArgs represents module args |
|
pollingCommand
optional
|
String
|
|
|
pollingItemsRemaining
optional
|
Long
|
format: int64 |
|
previousAllRead
optional
|
Boolean
|
|
|
previousAllReadWrite
optional
|
Boolean
|
|
|
previousRoles
optional
|
array[String]
|
Do not change this field manually |
|
primaryTerm
optional
|
Long
|
format: int64 |
|
readOnly
optional
|
Boolean
|
ReadOnly |
|
recurrent
optional
|
Boolean
|
|
|
reputationSize
optional
|
Long
|
ReputationSize the total size of the reputation format: int64 |
|
reputations
optional
|
array[EntryReputation] | EntryReputations the reputations calculated by regex match |
|
retryTime
optional
|
Date
|
When retry took place format: date-time |
|
roles
optional
|
array[String]
|
The role assigned to this investigation |
|
scheduled
optional
|
Boolean
|
is it scheduled |
|
sequenceNumber
optional
|
Long
|
format: int64 |
|
sizeInBytes
optional
|
Long
|
format: int64 |
|
sortValues
optional
|
array[String]
|
|
|
startDate
optional
|
Date
|
format: date-time |
|
syncHash
optional
|
String
|
|
|
system
optional
|
String
|
The name of the system associated with this entry |
|
tags
optional
|
array[String]
|
Tags |
|
tagsRaw
optional
|
array[String]
|
TagsRaw |
|
taskId
optional
|
String
|
TaskID - used if the entry is assigned as note to a playbook task |
|
times
optional
|
Long
|
format: int64 |
|
timesRan
optional
|
Long
|
format: int64 |
|
timezone
optional
|
String
|
|
|
timezoneOffset
optional
|
Long
|
format: int64 |
|
type
optional
|
Double
|
EntryType specifies the type of the entry format: double |
|
user
optional
|
String
|
The user who created the entry |
|
version
optional
|
Long
|
format: int64 |
|
xsoarHasReadOnlyRole
optional
|
Boolean
|
|
|
xsoarPreviousReadOnlyRoles
optional
|
array[String]
|
|
|
xsoarReadOnlyRoles
optional
|
array[String]
|