SaaS Alerts Security Event Structure
Structure of a security event detected by the SaaS Alerts platform
Tags: MSP, SaaS Security, Security Monitoring, Threat Detection, Microsoft 365, Google Workspace, MSSP
SaaS Alerts Security Event is a JSON Structure definition published by SaaS Alerts.
{
  "name": "SaaS Alerts Security Event",
  "description": "Structure of a security event detected by the SaaS Alerts platform",
  "fields": [
    {
      "name": "eventId",
      "type": "string",
      "required": true,
      "description": "Unique event identifier"
    },
    {
      "name": "eventType",
      "type": "string",
      "required": true,
      "description": "Machine-readable event type (e.g., login.failure, data.exfiltration)"
    },
    {
      "name": "jointDesc",
      "type": "string",
      "required": false,
      "description": "Human-readable event description"
    },
    {
      "name": "alertStatus",
      "type": "string",
      "required": true,
      "description": "Severity: low, medium, or critical"
    },
    {
      "name": "application",
      "type": "string",
      "required": true,
      "description": "SaaS application (microsoft365, google_workspace, salesforce, slack, dropbox)"
    },
    {
      "name": "customerId",
      "type": "string",
      "required": true,
      "description": "MSP customer/tenant identifier"
    },
    {
      "name": "customerName",
      "type": "string",
      "required": false,
      "description": "Customer organization name"
    },
    {
      "name": "userId",
      "type": "string",
      "required": true,
      "description": "Affected user email address"
    },
    {
      "name": "sourceIp",
      "type": "string",
      "required": false,
      "description": "Source IPv4 address"
    },
    {
      "name": "timestamp",
      "type": "date-time",
      "required": true,
      "description": "ISO 8601 event timestamp"
    },
    {
      "name": "details",
      "type": "object",
      "required": false,
      "description": "Additional event-specific key-value details"
    }
  ]
}