ALERTS_V View
This view provides raw historic data about generated events (alerts). The Alerts_V View provides metadata about the alert (including severity). For comprehensive details about the alert, see ALERTS_DETAILS_V View.
This view is not supported with S3 Data Exporting.
When Lacework generates an event (alert), it returns a row in the Alerts_V view with information about the event.
Each row contains file information as listed in the columns.
| Column Name | Data Type | Description |
|---|---|---|
| ID | Number | The unique identifier generated for this Event by Lacework. |
| EVENT_TYPE | Text | The type/title of the alert. |
| SEVERITY | Number | Severity of the alert. |
| START_TIME | Timestamp | The time and date when the hourly aggregation time period starts. |
| END_TIME | Timestamp | The time and date when the hourly aggregation time period ends. |
| EVENT_CLASS | Text | The alert actor that the alert is associated with. |
| EVENT_PROPERTIES | Variant | The entities involved in the alert. |
The ALERTS_V view does not currently include agent alerts. This feature will be added in an upcoming platform release.