abs.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
abs.SettingsConfig
account_urlRepresents your storage account in Azure. Typically of the format https://{account}.blob.core.windows.net.
controls when a batch of records is sent by limiting the number of records, total size, and maximum time elapsed
compressionThe compression method to be applied to the data before storing in Azure
containerA container organizes a set of blobs, similar to a directory in a file system.
The format config to use
partition_formatDirectory structure used to partition stored objects. Options: simple date (e.g., '2024/01/01'), hive compliant (e.g., 'year=2024/month=01/day=01'), and flat hive compliant (e.g., 'dt=2024-01-01').
prefixAn optional prefix for Azure object keys to organize data within the container
add_id.ArgumentsConfig
keyThe key to add to the record with id value
typeThe type of the identifier
admin_logs.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
admin_logs.SettingsConfig
hostuse_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
aiven_service_logs.SecretsConfig
APIKey for GreyNoise Community API
aiven_service_logs.SettingsConfig
backfill_start_timeDate to start fetching data from. If not specified, a full sync is fetched on the first sync. All syncs thereafter will be incremental.
projectThe Aiven project name
serviceThe Aiven service name
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
alerts.AlertMeta
categoryconfigdescriptiongranularityhouseinternalnametiertype_idarize_audit_logs.SecretsConfig
APIKey for GreyNoise Community API
arize_audit_logs.SettingsConfig
backfill_start_timeDate to start fetching data from.
interval_secondsTime interval in seconds between consecutive GraphQL API calls
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source
auth_logs.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
auth_logs.SettingsConfig
hostuse_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
authenticationtypes.AuthenticationMethod
confirmedcreated_atcredential_backed_upcredential_device_typeemailidkey_idlink_idnamephone_numberpublic_keytypeuser_agentauthenticationtypes.TokenResponse
access_tokenemailexpires_inid_tokenrefresh_tokentoken_typeaws_guardduty.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
aws_guardduty.SettingsConfig
backfill_start_timeDate to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
regionThe AWS region where GuardDuty is enabled.
role_arnThe ARN of the IAM role to assume for accessing GuardDuty.
severityFilter findings by severity levels.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
aws_s3.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
aws_s3.SettingsConfig
backfill_start_timeDate to start fetching data from. If not specified, a full sync of data upto now would be performed on the first sync. All syncs thereafter will be incremental.
bucketName of the S3 bucket.
compressionCompression format of the S3 objects.
formatFile format of the S3 objects.
partition_formatPartition format of your S3 bucket. Options: hive compliant ('year=2024/month=01/day=01'), flat hive compliant ('dt=2024-01-01'), or simple date ('2024/01/01').
prefixPrefix of the S3 object keys to read.
record_locationLocation of the record in the JSON object. This can be ignored if the record is not in JSON format. Leave empty if you want the entire record.
regionAWS Region of your bucket.
role_arnRole ARN to assume when reading from S3.
awssqsoutput.QueueType
The type of SQS queue to use. Can be either "standard" or "fifo".
awssqsoutput.SettingsConfig
message_group_idThe message group ID for FIFO queues. This is required for FIFO queues.
queue_typeThe type of SQS queue to use. Can be either "standard" or "fifo".
queue_urlThe URL of the SQS queue to poll for messages.
regionThe AWS region where the SQS queue is located.
role_arnThe ARN of the IAM role to assume for accessing the SQS queue.
awssqss3.SettingsConfig
compressionCompression format of the S3 objects.
formatFile format of the S3 objects.
queue_urlThe URL of the SQS queue to poll for messages.
record_locationLocation of the record in the object. Applies only for JSON objects. Leave empty for the entire record.
regionThe AWS region where the SQS queue is located.
role_arnThe ARN of the IAM role to assume for accessing the SQS queue.
uses_snsUses AWS SNS in the middle of S3 and SQS for fan-out usecases.
with_metadataWhether to include S3 object metadata in the output.
axiom.SettingsConfig
datasetName of the Axiom dataset in which data will be written
azure_activity_logs.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
azure_activity_logs.SettingsConfig
correlation_idThe correlation ID of the log
resource_group_nameThe name of the resource group
resource_providerThe provider of the resource
resource_uriThe URI of the resource
subscription_idThe subscription ID of the Azure subscription
tenant_idThe tenant ID of the Azure AD application
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
azure_blob_storage.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
azure_blob_storage.SettingsConfig
account_urlRepresents your storage account in Azure. Typically of the format https://{account}.blob.core.windows.net.
backfill_start_timeStarting timestamp for initial data sync. Only processes blobs with a last modified time after this timestamp on the initial sync. If not specified, all available data from the specified prefix will be processed. Incremental syncs automatically continue from the last processed timestamp, scanning from the previous day's partition forward to catch late-arriving data. Files updated in partitions older than the current state's previous prefix will not be detected.
compressionThe compression format of objects in the Azure container
containerA container organizes a set of blobs, similar to a directory in a file system.
formatFile format of the Blob storage objects in Azure.
partition_formatPartition format of your Azure container. Options: hive compliant ('year=2024/month=01/day=01'), flat hive compliant ('dt=2024-01-01'), or simple date ('2024/01/01').
prefixAn optional prefix for Azure object keys to organize data within the container
record_locationLocation of the record in the object. Applies only for JSON objects. Leave empty for the entire record.
azure_event_hubs.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
azure_event_hubs.SettingsConfig
consumer_groupThe consumer group name for reading events (default: $Default)
event_hub_nameThe name of the specific Event Hub to consume from
event_hub_namespaceThe fully qualified namespace URL (e.g., your-namespace.servicebus.windows.net)
lookback_durationThe duration to look back for events in minutes (default: 60 minutes)
subscription_idThe Azure subscription ID containing your Event Hubs namespace
tenant_idThe Azure Entra ID tenant (directory) ID
azure_vnet_flow_logs.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
azure_vnet_flow_logs.SettingsConfig
prefixregionThe Azure region where the virtual network is located
resource_group_nameThe name of the resource group containing the virtual network
storage_account_urlThe Azure storage account URL where flow logs are stored
subscription_idThe Azure subscription ID where the virtual network and storage account are located
tenant_idThe Azure Entra ID tenant (directory) ID.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
virtual_network_nameThe name of the virtual network for which flow logs are being collected
backblaze.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
backblaze.SettingsConfig
controls when a batch of records is sent by limiting the number of records, total size, and maximum time elapsed
bucketThe name of the B2 bucket where data will be stored
compressionThe compression method to be applied to the data before storing in B2
The format config to use
partition_formatDirectory structure used to partition stored objects. Options: simple date (e.g., '2024/01/01'), hive compliant (e.g., 'year=2024/month=01/day=01'), and flat hive compliant (e.g., 'dt=2024-01-01').
prefixAn optional prefix for B2 object keys to organize data within the bucket
regionThe B2 region/endpoint (e.g., us-west-001)
backblaze_b2.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
backblaze_b2.SettingsConfig
backfill_start_timeDate to start fetching data from
bucketName of the B2 bucket
compressionCompression format of the B2 objects
formatFile format of the B2 objects
partition_formatPartition format of your B2 bucket. Options: hive compliant ('year=2024/month=01/day=01'), flat hive compliant ('dt=2024-01-01'), or simple date ('2024/01/01').
prefixPrefix of the B2 object keys to read
record_locationLocation of the record in the object. Applies only for JSON objects. Leave empty for the entire record.
regionB2 Region of your bucket (e.g., us-west-001, us-west-002, eu-central-003)
batch_config.BatchConfig
batch_data_sizebatch_record_countpublish_ratebigquery.SettingsConfig
datasetThe name of the BigQuery dataset where the table resides
project_idThe Google Cloud Project ID where the BigQuery instance is located
tableThe name of the table where the data will be written
bigquery_input.SettingsConfig
datasetThe BigQuery dataset ID containing the table
projectThe GCP project ID containing the BigQuery dataset
queryOptional custom query to use instead of table (must include timestamp_column)
tableThe BigQuery table ID to query data from
timestamp_columnThe column containing timestamp values used for incremental loading
bitwarden_events.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
bitwarden_events.SettingsConfig
backfill_start_timeDate to start fetching data from. If not specified, will fetch from the most recent data available.
base_urlBase URL for self-hosted Bitwarden instance (required if region is SelfHosted)
regionRegion of the Bitwarden instance: US, EU, or SelfHosted (default: US)
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
box_events.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
box_events.SettingsConfig
backfill_start_timeDate to start fetching data from. If not specified, data from 1 year ago upto now from box is fetched on the first sync. All syncs thereafter will be incremental.
event_typeA list of event types to filter by.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
brinqa_audit_logs.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
brinqa_audit_logs.SettingsConfig
backfill_start_timeDate to start fetching data from. If not specified, a full sync is fetched on the first sync. All syncs thereafter will be incremental.
hostnameThe Brinqa environment hostname (e.g., "ssb.brinqa.net")
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
bugsnag_org_events.SecretsConfig
APIKey for GreyNoise Community API
bugsnag_org_events.SettingsConfig
backfill_start_timeDate to start fetching data from.
organization_idOrganization ID
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
buildkite_audit_logs.SettingsConfig
backfill_start_timeGenerate synthetic demo data instead of connecting to the real data source.
UseSyntheticData bool json:"use_synthetic_data"
Date to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
org_slugThe URL slug of your Buildkite organizations
buildkite_graphql_input.SettingsConfig
enable_paginationEnable pagination support
graphql_queryThe GraphQL query to execute against the endpoint to fetch data
has_next_page_pathJSONPath location to check if there are more pages
interval_secondsTime interval in seconds between consecutive GraphQL API calls
pagination_cursor_pathJSONPath location for pagination cursor/token
record_locationJSONPath location of the records array in the GraphQL response
GraphQL query variables to pass with each request
cisa_user.SettingsConfig
backfill_start_timeDate to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
cloud_configuration_findings.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
cloud_configuration_findings.SettingsConfig
endpoint_urlEndpoint URL for the Wiz API. Ex: 'https://api.wiz.io/v1/cloud-configuration-findings'.
backfill_start_timeDate to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
resultResult types for Wiz. Ex: 'PASSED', 'FAILED', 'ERROR', 'NOT ASSESSED'.
severitySeverity types for Wiz. Ex: 'CRITICAL', 'HIGH', 'MEDIUM', 'LOW', 'NONE'.
statusStatus types for Wiz. Ex: 'OPEN', 'RESOLVED', 'REJECTED'.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
cloud_logs.SettingsConfig
enable_proto_payload_parsingEnables automatic parsing of embedded protocol buffer payloads within the input.
filterThe filter to apply to the logs.
resource_namesThe resources to query logs from.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
cloud_resource_inventory.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
cloud_resource_inventory.SettingsConfig
endpoint_urlEndpoint URL for the Wiz API. Ex: 'https://api.wiz.io/v1/cloud-resource-inventory'.
entityTypeEntity types for Wiz.
backfill_start_timeDate to start fetching data from. If not specified, A Wiz report is generated on the first sync. All syncs thereafter will be of incremental data.
cloudPlatformCloud Platform types for Wiz. Ex: 'AWS', 'AZURE', 'GCP'.
full_snapshotFullSnapshot indicates whether to fetch a full snapshot of the cloud resource inventory.
intervalDefines how frequently (in hours) the system polls the Wiz API to retrieve updated data. Only applicable when full_snapshot is enabled. The interval timer begins after each sync operation completes.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
cloud_resource_inventory_reports.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
cloud_resource_inventory_reports.SettingsConfig
endpoint_urlEndpoint URL for the Wiz API. Ex: 'https://api.wiz.io/v1/cloud-resource-inventory'.
entityTypeEntity types for Wiz. Ex: 'ACCOUNT', 'REGION', 'VPC', 'SUBNET', 'INSTANCE'.
cloudPlatformCloud Platform types for Wiz. Ex: 'AWS', 'AZURE', 'GCP'.
cronCron expression for scheduling the input
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
cloudflare_ddos_attack_analytics.SecretsConfig
APIKey for GreyNoise Community API
cloudflare_ddos_attack_analytics.SettingsConfig
account_idCloudflare Account ID
backfill_start_timeThe date to start fetching data from (RFC3339 format). If not specified, fetches all available data within API retention limits.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
cloudflare_firewall_events.SecretsConfig
APIKey for GreyNoise Community API
cloudflare_firewall_events.SettingsConfig
include_bot_fieldsInclude Bot Management fields (requires Enterprise plan with Bot Management add-on)
lookback_durationInitial lookback duration for first sync (e.g., "24h", "168h"). Respects API retention limits.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
zone_idCloudflare Zone ID
cloudflare_http_requests.SecretsConfig
APIKey for GreyNoise Community API
cloudflare_http_requests.SettingsConfig
fieldsFields to include in the query. Leave empty to use default curated list. Only fields available to your account will be included (validated against API). Maximum 50 fields due to API constraints.
lookback_durationInitial lookback duration for first sync (e.g., "24h", "168h"). Respects API retention limits.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
zone_idCloudflare Zone ID
cloudflare_url_scanner.SecretsConfig
APIKey for GreyNoise Community API
cloudflare_url_scanner.SettingsConfig
account_idCloudflare Account ID
backfill_start_timeDate to start fetching data from (RFC3339 format). Note: Historical data availability depends on your Cloudflare plan (Free: last 50 scans, Self Serve: 30 days, Enterprise: 12 months, Cloudforce One: unlimited)
filter_my_scansFilter to only show scans created by the current API token
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source
cloudflare_zero_trust_access_requests.SecretsConfig
APIKey for GreyNoise Community API
cloudflare_zero_trust_access_requests.SettingsConfig
account_idCloudflare Account ID
backfill_start_timeDate to start fetching data from (RFC3339 format)
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source
cloudtrail.SettingsConfig
backfill_start_timeDate to start fetching data from. If not specified, a full sync of data upto now would be performed on the first sync. All syncs thereafter will be incremental.
bucketThe name of the S3 bucket
prefixPrefix of the S3 object keys to read.
regionThe region of the S3 bucket
role_arnThe ARN of the role to assume to access the bucket
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
clumio_audit_logs.SecretsConfig
APIKey for GreyNoise Community API
clumio_audit_logs.SettingsConfig
backfill_start_timeDate to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
regionThe region associated with your Clumio account
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
clumio_consolidated_alerts.SecretsConfig
APIKey for GreyNoise Community API
clumio_consolidated_alerts.SettingsConfig
backfill_start_timeDate to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
parent_entity_idThe system-generated ID of the parent entity that is associated with the primary entity affected by the alert.
parent_entity_typeThe system-generated name of the parent entity that is associated with the primary entity affected by the alert.
regionThe region associated with your Clumio account
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
coda_audit_events.SettingsConfig
backfill_start_timeDate to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
org_idCoda Organization ID.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
community_edition.SecretsConfig
APIKey for GreyNoise Community API
community_edition.SettingsConfig
destination_pathDestinationPath is the path where the GreyNoise data will be stored
error_on_rate_limitErrorOnRateLimit determines if rate limiting should cause an error (true) or return custom response (false)
ip_address_pathIPAddressPath is the path to a field containing an IP address to look up
no_match_responseNoMatchResponse is the value to add when no match is found
omit_metadatarate_limit_responseRateLimitResponse is the value to add when rate limited
community_transforms_internal.TransformConfig
authorcontributorsdescriptioninputsnametagscommunity_transforms_internal.TransformMetadata
authorcontributorscreated_atdescriptioninputslast_modifiednamepathtagscommunity_transforms_internal.TransformsIndex
last_updatedschema_hashHash of the schema structure
convert_timestamp.ArgumentsConfig
source_formatRequired: Format of source timestamp
source_format_customOptional: Custom Go time layout (only if SourceFormat = "custom")
source_keyRequired: JSONPath to source timestamp field
source_timezoneOptional: Source timezone (default: UTC)
target_formatRequired: Format of source timestamp
target_format_customOptional: Custom target format (only if TargetFormat = "custom")
target_keyOptional: Target field (if empty, overwrites SourceKey)
target_timezoneOptional: Target timezone (default: UTC)
convert_timestamp.TimestampFormat
Required: Format of source timestamp
cortex_xsoar_management_logs.SecretsConfig
APIKey for GreyNoise Community API
cortex_xsoar_management_logs.SettingsConfig
api_key_idAPI Key ID for authentication
domain_nameDomain name of the Cortex XSOAR instance
backfill_start_timeStart time for backfilling data
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
create_key_value_if_key_value.ArgumentsConfig
keyThe key to add to the record
key_to_watchThe key to watch for
valueThe value to add to the record
value_to_watchThe value to watch for
cribl_http.SettingsConfig
ingress_addressYour group's ingress address found in your group information panel. This is the hostname where your Cribl instance is accessible.
pathThe path you've set for your HTTP Source's HTTP Event API. This is the endpoint path where data will be sent. Note: You do not need to append _bulk to this path as monad already does this for you.
portThe port you've set your HTTP Source to listen on. This should be the port number where your Cribl HTTP Source is configured to receive data.
customer_event_data.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
customer_event_data.SettingsConfig
environmentDetermines the URI {environment}.docusign.com
user_idUser id of the Docusign admin
backfill_start_timeDate to start fetching data from in RFC3339 format. If not specified, a full sync of data upto now would be performed on the first sync (since the previous 7 days). You must specify a backfill time to query for data for a time before 7 days. All syncs thereafter will be incremental.
databricks.CopyIntoWriteMode
table_nameThe target Delta table name. Required for copy_into mode. If the table doesn't exist, Monad will create it.
databricks.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
databricks.SettingsConfig
controls when a batch of records is sent by limiting the number of records, total size, and maximum time elapsed
catalogThe Unity Catalog name
http_pathThe SQL warehouse HTTP path from connection details (e.g. /sql/1.0/warehouses/abc123)
schemaThe target schema within the catalog
server_hostnameThe Databricks workspace hostname (e.g. adb-1234567890.azuredatabricks.net)
volumeThe Unity Catalog Volume used for staging JSONL files
The write mode: copy_into (default) stages files and uses COPY INTO; autoloader stages files for Databricks Autoloader to ingest
databricks.WriteMode
write_modeauto_loaderdatadog.SettingsConfig
ddsourceThe integration name associated with your log: the technology from which the log originated. When it matches an integration name, Datadog automatically installs the corresponding parsers and facets.
ddtagsTags associated with your logs.
domain_urlThe base domain of the Datadog API (e.g., us5.datadoghq.com). Logs are sent to https://http-intake.logs.<DOMAIN_URL>/api/v2/logs
hostnameThe name of the originating host of the log.
serviceThe name of the application or service generating the log events. It is used to switch from Logs to APM, so make sure you define the same value when you use both products.
defender_for_endpoint_alerts.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
defender_for_endpoint_alerts.SettingsConfig
categoryseveritytenant_iduse_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
drop_key_where_value_eq.ArgumentsConfig
keyThe key to drop from the record
valueThe value to drop to check for equality with the record's value
drop_record_where_value_eq.ArgumentsConfig
keyThe key which values should be checked
valueThe value to compare with the record's value
duo_security_activity_logs.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
duo_security_activity_logs.SettingsConfig
hostThe API hostname for your Duo Security integration.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
duplicate_key_value_to_key.ArgumentsConfig
keyThe key to duplicate from the record
new_keyThe new key to duplicate the value to
eks_audit_logs.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
eks_audit_logs.SettingsConfig
backfill_start_timecluster_nameregionrole_arnuse_synthetic_datausesStaticCredselasticsearch.AuthTypeEnum
The method of authentication to use with the Elasticsearch cluster. Choose between 'api_key' or 'password'.
elasticsearch.ConnectionTypeEnum
The type of connection to use with Elasticsearch. Choose between 'cloud_id' for Elastic Cloud or 'url' for direct connection.
elasticsearch.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
elasticsearch.SettingsConfig
auth_typeThe method of authentication to use with the Elasticsearch cluster. Choose between 'api_key' or 'password'.
cloud_idThe Cloud ID for connecting to an Elastic Cloud deployment. Required when connection_type is set to 'cloud_id'.
connection_typeThe type of connection to use with Elasticsearch. Choose between 'cloud_id' for Elastic Cloud or 'url' for direct connection.
indexThe name of the Elasticsearch index to write data to. If the index doesn't exist, it will be created automatically.
insecure_skip_verifyIf set to true, it skips verification of the server's TLS certificate. This is insecure and should only be used for testing purposes.
urlThe URL of the Elasticsearch cluster. Required when connection type is set to 'url'.
usernameUsername for authenticating with the Elasticsearch cluster.
encrypt.ArgumentsConfig
Encryption algorithm configuration
keyKey whose value will be encrypted
endor_labs_audit_logs.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
endor_labs_audit_logs.SettingsConfig
namespaceYour Endor Labs organization namespace (e.g., "your-org")
backfill_start_timeDate to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
enrichment.ConnectorMeta
auth_typeconfigconnector_categorydescriptionhousein_betainternalnametiertype_identra_id.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
entra_id.SettingsConfig
categoryThe Category of logs to query
tenant_idThe tenant ID of the Azure AD application
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
workspace_idThe workspace ID of the Log Analytics workspace
event.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
event.SettingsConfig
app_nameThe application name monad uses to connect to the CrowdStrike data stream. It's important that this name is unique to avoid conflicts with other applications connecting to the same stream. You're advised to use a unique identifier for this application. For example, if you have 2 stream input connections they should not both be named 'monad'.
cloudYour cloud type for CrowdStrike. Ex: 'autodiscover', 'us-1', 'us-2', 'eu-1', 'us-gov-1'.
member_cidIn environments where an entity (like an MSSP) manages security for multiple clients, each client is typically assigned a unique CID. This identifier allows the managing entity to access and operate within the specific customer's environment. This is crucial for scenarios where operational isolation between different clients' data and configurations is necessary.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
flatten.ArgumentsConfig
delimiterThe delimiter to use when flattening for example flattening an array of assets: _ would result in assets_0, assets_1
keyThe key to flatten
flattenall.ArgumentsConfig
delimiterThe delimiter to use when flattening for example flattening an array of assets: _ would result in assets_0, assets_1
formatter.FormatConfig
FormatConfiguration for formatting data in Apache Parquet format
full_scans.SecretsConfig
APIKey for GreyNoise Community API
full_scans.SettingsConfig
org_slugCron expression for scheduling the input
backfill_start_timeDate to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
repoA repository slug to filter full-scans by.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
geolocus.SettingsConfig
destination_pathDestinationPath is the path where Geolocus results will be added to each record
ip_address_pathIPAddressPath is the path to a field containing an IP address to look up
no_match_responseNoMatchResponse is the value to add when no match is found
omit_metadatagithub_com_monad-inc_core_pkg_types_models.Alert
created_atdescriptionidmetadatanameorganization_idrule_idrule_typeseveritygithub_com_monad-inc_core_pkg_types_models.AlertStatus
clearing_started_atWhen clearing began
resolved_atUnix timestamp when resolved
stategithub_com_monad-inc_core_pkg_types_models.Organization
billing_account_idconnection_idcreated_atdescriptionfriendly_nameidnameparent_organization_idupdated_atgithub_com_monad-inc_core_pkg_types_models.Permission
created_atdescriptionidnameslugupdated_atgithub_com_monad-inc_core_pkg_types_models.Quota
actionbilling_account_idcreated_atcurrent_usagecurrent_usage_updated_atend_atidlimit_amountlimit_typelimit_unitnameorganization_idstart_attimeframeupdated_atgithub_com_monad-inc_core_pkg_types_models.ResourceReference
parent_ide.g., pipeline ID if resource is a node
parent_typeFor hierarchical resources
resource_idresource_type"pipeline", "node", "organization"
github_com_monad-inc_core_pkg_types_models.TimeRange
endEnd is the end of the time range (inclusive)
startStart is the beginning of the time range (inclusive)
github_com_monad-inc_core_pkg_types_models.User
created_atemailidupdated_atusernamegitlab_issues.SecretsConfig
APIKey for GreyNoise Community API
gitlab_issues.SettingsConfig
gitlab_urlGitLab URL (for Custom-Urls when self hosting. Defaults to https://gitlab.com.)
project_idProject ID to get issues for
backfill_start_timeDate to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
confidentialConfidential to filter issues by confidentiality status. Confidential = true means only show confidential issues.
issue_typeIssueType to filter issues by type e.g. issue, incident, etc.
stateState to filter issues by e.g. opened, closed
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
with_label_detailsInclude label details in the response
gke_audit_logs.SecretsConfig
APIKey for GreyNoise Community API
gke_audit_logs.SettingsConfig
cluster_nameThe name of the GKE cluster.
locationThe GCP location (region or zone) where the GKE cluster runs, e.g. us-central1.
project_idThe GCP project ID that contains the GKE cluster.
google_cloud_storage.SecretsConfig
APIKey for GreyNoise Community API
google_cloud_storage.SettingsConfig
bucket_nameThe name of the Google Cloud Storage bucket to use
compressionCompression format of the Google Cloud Storage objects.
formatThe format of the files in the bucket, e.g., "json", "csv", etc.
partition_formatPartition format of your bucket. Options: hive compliant ('year=2024/month=01/day=01'), flat hive compliant ('dt=2024-01-01'), or simple date ('2024/01/01').
prefixThe prefix to use when reading from the bucket. This is used to filter objects in the bucket.
project_idThe Google Cloud project ID to use
record_locationLocation of the record in the object. Applies only for JSON objects. Leave empty for the entire record.
google_cloud_storage_output.SettingsConfig
controls when a batch of records is sent by limiting the number of records, total size, and maximum time elapsed
bucketThe name of the bucket where data will be stored
compressionThe compression method to be applied to the data before storing
The format config to use
partition_formatDirectory structure used to partition stored objects. Options: simple date (e.g., '2024/01/01'), hive compliant (e.g., 'year=2024/month=01/day=01'), and flat hive compliant (e.g., 'dt=2024-01-01').
prefixAn optional prefix for object keys to organize data within the bucket
google_workspace.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
google_workspace.SettingsConfig
auth_typeAuthentication type (service_account or oauth)
backfill_start_timeDate to start fetching data from. If not specified, a full sync of data from google workspace is fetched on the first sync. All syncs thereafter will be incremental.
emailEmail address to use for authenticating with Google Cloud (required for service_account auth).
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
greenhouse_audit_logs.SecretsConfig
APIKey for GreyNoise Community API
greenhouse_audit_logs.SettingsConfig
user_idID of the user to harvest audit logs for
backfill_start_timeDate to start fetching data from. If not specified, a full sync is fetched on the first sync. All syncs thereafter will be incremental.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
http.PayloadStructure
Determines how the payload is structured. 'single' sends each record as a separate request, 'array' sends multiple records as an array, 'wrapped' sends multiple records within a wrapper object.
http.SettingsConfig
endpointThe full URL of the HTTP endpoint to send data to. Must include the scheme (http or https).
Non secret headers
max_batch_data_sizeThe maximum size in KB for a single batch of data to be sent in one request. This does not effect the single payload structure.
max_batch_record_countThe maximum number of records to include in a single batch. For single payload structure, this is automatically set to 1. For other payload structures, this determines the maximum number of records sent in a single request.
methodThe HTTP method to use for requests (GET, POST, PUT, PATCH, or DELETE).
payload_structureDetermines how the payload is structured. 'single' sends each record as a separate request, 'array' sends multiple records as an array, 'wrapped' sends multiple records within a wrapper object.
rate_limitMaximum number of requests per second to send to the endpoint.
tls_skip_verifySkip TLS verification.
wrapper_keyThe key to use for wrapping the payload when PayloadStructure is set to 'wrapped'.
individual_alerts.SettingsConfig
alert_typeFilter by alert type (e.g., policy_violated, tag_conflict)
backfill_start_timeDate to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
embedEmbed related resources in the data returned (e.g., read-consolidated-alert)
primary_entity_typeFilter by primary entity type (e.g., aws_ebs_volume, vmware_vm)
primary_entity_valueFilter by primary entity value (contains search)
regionThe region associated with your Clumio account
severityFilter by alert severity (error, warning)
statusFilter by alert status (active, cleared)
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
inputs.ConnectorMeta
auth_typebilling_typecategoryconfigdescriptionhousein_betainternalis_defaultnamerelease_datetiertype_idinspector.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
inspector.SettingsConfig
backfill_start_timeDate to start fetching data from. If not specified, a full sync is fetched on the first sync. All syncs thereafter will be incremental.
regionThe AWS region where Inspector is enabled.
role_arnThe ARN of the IAM role to assume for accessing Inspector.
severitiesMinimum severity level of findings to fetch.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
issues.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
issues.SettingsConfig
tenant_data_centerDataCenter represents the tenant's data center location @Description Enter a tenant data center, e.g., "us1", "us2", "us3" @Description Find your tenant data center on the Tenant Info page in Wiz, or request it from your Wiz customer contact
backfill_start_timeDate to start fetching data from. If not specified, A Wiz report is generated on the first sync. All syncs thereafter will be of incremental data.
control_ids@Description Filter Issues created by specific control IDs
has_note@Description Filter Issues with or without a note
has_remediation@Description Filter Issues with or without remediation
has_service_ticket@Description Filter Issues with or without related service ticket
issue_ids@Description Filter only Issues that match these specific IDs
issue_types@Description Filter by Issue type
project_ids@Description Filter Issues associated with specific project IDs
related_entity_id@Description Filter by related entity ids
resolution_reasons@Description Filter Issues by resolution reason
risk_equals_all@Description Filters Issues by risk type according to Wiz-defined types of risk @Description Use the risk ID and not the risk name @Description All specified risks must be present
risk_equals_any@Description Filters Issues by risk type according to Wiz-defined types of risk @Description Use the risk ID and not the risk name
search_query@Description Free text search on Issue title or object name @Description Returns NULL if no match is found
security_scan@Description Filter by security scan source
severities@Description Filter Issues according to Control severity
stack_layers@Description Filter Issues from specific stack layers
status@Description Filter by Issue handling status @Description Default: OPEN
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
issues_report.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
issues_report.SettingsConfig
tenant_data_centerDataCenter represents the tenant's data center location @Description Enter a tenant data center, e.g., "us1", "us2", "us3" @Description Find your tenant data center on the Tenant Info page in Wiz, or request it from your Wiz customer contact
control_ids@Description Filter Issues created by specific control IDs
cronCron string for scheduling the ingest of your input
has_note@Description Filter Issues with or without a note
has_remediation@Description Filter Issues with or without remediation
has_service_ticket@Description Filter Issues with or without related service ticket
issue_ids@Description Filter only Issues that match these specific IDs
issue_types@Description Filter by Issue type
project_ids@Description Filter Issues associated with specific project IDs
related_entity_id@Description Filter by related entity ids
resolution_reasons@Description Filter Issues by resolution reason
risk_equals_all@Description Filters Issues by risk type according to Wiz-defined types of risk @Description Use the risk ID and not the risk name @Description All specified risks must be present
risk_equals_any@Description Filters Issues by risk type according to Wiz-defined types of risk @Description Use the risk ID and not the risk name
search_query@Description Free text search on Issue title or object name @Description Returns NULL if no match is found
security_scan@Description Filter by security scan source
severities@Description Filter Issues according to Control severity
stack_layers@Description Filter Issues from specific stack layers
status@Description Filter by Issue handling status @Description Default: OPEN
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
jq.ArgumentsConfig
keyOptional key to store result under
queryThe raw query string from config
kafka.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
kafka.SettingsConfig
acksAcknowledgment level (0=none, 1=leader only, all=all replicas)
controls when a batch of records is sent by limiting the number of records, total size, and maximum time elapsed
bootstrap_serversComma-separated list of Kafka broker addresses (host:port)
compression_typeCompression codec for messages (none, gzip, snappy, lz4, zstd)
Static headers to add to each Kafka message
message_key_fieldJSON field path to extract as the Kafka message key (uses gjson syntax)
retriesNumber of retry attempts for failed writes
sasl_mechanismSASL authentication mechanism (PLAIN, SCRAM-SHA-256, SCRAM-SHA-512)
security_protocolSecurity protocol for broker connections (NONE, SASL_PLAINTEXT, SASL_SSL, SSL)
topicThe Kafka topic to publish messages to
usernameUsername for SASL authentication
kafka.acks
Acknowledgment level (0=none, 1=leader only, all=all replicas)
kafka.compressionType
Compression codec for messages (none, gzip, snappy, lz4, zstd)
kafka.saslMechanism
SASL authentication mechanism (PLAIN, SCRAM-SHA-256, SCRAM-SHA-512)
kafka.securityProtocol
Security protocol for broker connections (NONE, SASL_PLAINTEXT, SASL_SSL, SSL)
koi_audit_logs.SecretsConfig
APIKey for GreyNoise Community API
koi_audit_logs.SettingsConfig
audit_log_typesFilter audit logs by type(s). Available types: approval_requests, devices, endpoints, extensions, firewall. Leave empty to fetch all types.
backfill_start_timeBackfillStartTime is an optional ISO8601 timestamp to start fetching from. If not set, the input starts from the current time (no historical backfill). Example: "2024-01-01T00:00:00Z"
base_urlBase URL for the Koi API (default: https://api.prod.koi.security)
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
kv_lookup.SettingsConfig
destination_keyDestinationKey is the path where the result will be stored in the record
error_on_missing_keyErrorOnMissingKey If true, throw an error when key is not found in the KV store
join_pathJoinPath is the path to a field whose values will be used as the lookup keys
kv_lookup_output_idKVLookupOutputID is the id of the KV lookup output to join with
no_match_responseNoMatchResponse is the value to add to the record when no match is found
omit_metadatakv_lookup_output.SettingsConfig
key_fieldThe field in the incoming record to use as the key
ttlTime-to-live in hours for stored key-value pairs (0 means no expiration)
value_fieldThe field in the incoming record to use as the value
kvlookup.GetMetadataResponse
byteslast_ingested_timemax_bytesnumber_of_keysttllog_analytics_query.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
log_analytics_query.SettingsConfig
queryThe query to run against the Log Analytics workspace
tenant_idThe tenant ID of the Azure AD application
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
workspace_idThe workspace ID of the Log Analytics workspace
mask.ArgumentsConfig
keyKey whose value will be masked
Masking mode. Simple replaces values with a fixed mask. Deterministic produces a stable, correlatable output using HMAC.
mask.ModeConfig
simpletypeType of masking mode. "simple" or "deterministic". Defaults to "simple".
math_multiply_with_value.ArgumentsConfig
keyThe Key value to multiply
new_keyThe key to store the result of the multiplication
valueThe value to multiply with
meraki_config_logs.SettingsConfig
backfill_start_timeDate to start fetching data from. If not specified, a full sync of data from google workspace is fetched on the first sync. All syncs thereafter will be incremental.
org_idURL of the organization
regionapi.meraki.com/api/v1 for most parts of the world. Different countries may have different base URIs
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
microsoft_365_generic.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
microsoft_365_generic.SettingsConfig
backfill_start_timeDate to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
tenant_idThe Azure Entra ID tenant (directory) ID
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
models.APIKey
created_atdescriptionexpiration_timeidnameorganization_idrole_idupdated_atmodels.APIKeyWithToken
created_atdescriptionexpiration_timeidnameorganization_idrole_idtokenupdated_atmodels.AlertRule
activecreated_atdescriptionidnameorganization_idpipeline_idsseveritytypeupdated_atmodels.BillingAccount
billing_emailcreated_atcurrent_billing_cycle_endcurrent_billing_cycle_startdeleted_atdescriptionhas_payment_methodidnamenext_product_idproduct_change_afterproduct_idstatussuspend_onupdated_atmodels.BillingAccountRole
billing_account_idcreated_atdescriptionidnamepermissionsupdated_atmodels.BillingProduct
contact_emailcreated_atdescriptionfeaturesidis_defaultnameproduct_typerecurring_cost_centsrecurring_frequencyslugupdated_atusage_unitusage_unit_cost_centsmodels.ComponentReference
idkindnametypemodels.ConditionEvaluatable
leaf config
operatorOnly set for logical nodes
type_idOnly set for leaf nodes
models.Connection
created_atdescriptionidnameorganization_idsaml_entity_idsaml_metadata_urltypeupdated_atmodels.ConnectorMeta
auth_typeconfigdescriptioninternalnametype_idmodels.ElseAction
will default to bypass if left empty on create/update
models.Enrichment
created_atdescriptionidmanaged_bynameorganization_idtypeupdated_atmodels.Input
created_atdescriptionidmanaged_bynameorganization_idtypeupdated_atmodels.InputConnectorCategory
models.OrganizationUser
connection_idcreated_atemailidinheritedrole_idrole_namesource_organization_idsource_organization_nameupdated_atusernamemodels.Output
created_atdescriptionidmanaged_bynameorganization_idtypeupdated_atmodels.OutputConnectorCategory
models.Pipeline
component_tiercreated_atcron_scheduledescriptionenabledidinput_idmanaged_bynameorganization_idupdated_atmodels.PipelineConfigV2
billingAccountIdcomponent_tiercreatedAtcron_scheduledescriptionenabledidis_syntheticmanaged_bynamenext_cron_run_atorganizationIdorganizationNameupdatedAtmodels.PipelineEdge
created_atdescriptiondisabledfrom_node_instance_ididnameorganization_idpipeline_idto_node_instance_idmodels.PipelineMetrics
end_atmetricnode_idnode_slugorganization_idorganization_namepipeline_idpipeline_nameresolutionstart_atmodels.PipelineNode
component_housecomponent_idcomponent_sub_typecomponent_typecreated_atenabledidorganization_idpipeline_idslugmodels.PipelineNodeStatus
avg_bytes_per_record_egressavg_bytes_per_record_ingresscomponent_typecomponent_type_iderrorslast_ingested_timelast_record_processed_timelast_updated_atnode_idnode_slugstatusmodels.PipelineStatus
average_size_egressedaverage_size_ingestederrorslast_ingested_timelast_updated_atorganization_idorganization_namepipeline_idpipeline_namestatusmodels.PipelineStatusValue
models.ProgressEntry
labelLabel is an optional descriptor that is human-readable and can be displayed in the UI It should mainly be used to contain the field name/path that is used to extract timestamp for a given inputs data
partition_keyPartitionKey is an optional identifier for multi-entity inputs (e.g., "detector-123", "us-east-1") In a case where we store multiple state timestamps for a singular input we would use this field as a differentiator
Ranges represents the time ranges that have been read by an input node. Each range is a tuple of (start, end) timestamps indicating what data has been processed. Multiple ranges allow tracking non-contiguous data reads.
models.ProgressLabel
Label is an optional descriptor that is human-readable and can be displayed in the UI It should mainly be used to contain the field name/path that is used to extract timestamp for a given inputs data
models.RoleWithPermissions
created_atdescriptionidnameorganization_idprotectedupdated_atmodels.Secret
created_atWhen the secret was created
descriptionThe user set Description of the secret
idThe ID of the secret
nameThe user set Name of the secret
organization_idThe OrganizationID the secret belongs to
updated_atWhen the secret was updated
valueThe value of the secret. This will never be returned to the client but can be used to set new values when used in a request payload.
models.SecretWithComponents
created_atWhen the secret was created
descriptionThe user set Description of the secret
idThe ID of the secret
nameThe user set Name of the secret
organization_idThe OrganizationID the secret belongs to
updated_atWhen the secret was updated
valueThe value of the secret. This will never be returned to the client but can be used to set new values when used in a request payload.
models.StorageTypeCostSummary
total_org_cost_post_filtertotal_org_cost_pre_filtertotal_org_ingest_bytestotal_org_ingest_gbtotal_org_output_storage_bytestotal_org_output_storage_gbmodels.StorageTypeOutputDetail
cost_idcost_per_gbegress_bytesegress_bytes_gbnum_pipelinespre_filter_bytespre_filter_bytes_gbtotal_cost_post_filtertotal_cost_pre_filtermodels.StorageTypeSummaryResponse
end_atorganization_idorganization_namestart_atmodels.StorageTypeTimeSeriesResponse
end_atmetricorganization_idorganization_nameresolutionstart_atmodels.Transform
created_atdescriptionidmanaged_bynameorganization_idupdated_atmodels.TransformConditional
elsewill default to bypass if left empty on create/update
models.TransformsRepositoryTransform
created_atdescriptionidinput_type_idnameupdated_atmodels.UserAuthProvider
connection_idcreated_atidproviderprovider_iduser_idmodels.UserOrganization
billing_account_idcreated_atdescriptionfriendly_nameidinheritednameparent_organization_idsource_organization_idsource_organization_nameupdated_atmodels.UserRoleWithPermissions
inheritedorganization_idrole_idrole_namesource_organization_idmonad_log.SettingsConfig
log_typeuse_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
mutate_type.ArgumentsConfig
keyThe key to mutate the type of
typeThe new type of the key
mutate_value_where_key_eq_and_value_eq.ArgumentsConfig
keyThe key to mutate
valueThe value to check for
value_to_setThe value to set if the key and value match
object_storage.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
object_storage.SettingsConfig
controls when a batch of records is sent by limiting the number of records, total size, and maximum time elapsed
bucketThe name of the object storage bucket where data will be stored
compressionThe compression method to be applied to the data before storing
endpointThe endpoint URL for the object storage service (e.g., https://fly.storage.tigris.dev, https://minio.example.com)
The format config to use
partition_formatDirectory structure used to partition stored objects. Options: simple date (e.g., '2024/01/01'), hive compliant (e.g., 'year=2024/month=01/day=01'), and flat hive compliant (e.g., 'dt=2024-01-01').
prefixAn optional prefix for object keys to organize data within the bucket
regionThe region for the object storage service (optional for some providers)
skip_ssl_verificationWhether to skip SSL certificate verification (useful for self-signed certificates or development environments)
use_path_styleWhether to use path-style URLs (bucket.endpoint.com/object vs endpoint.com/bucket/object). Most S3-compatible services require this to be true.
object_storage_input.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
object_storage_input.SettingsConfig
bucketName of the storage bucket
compressionCompression format of the objects
endpointEndpoint URL for the object storage service (e.g., https://minio.example.com, https://s3.amazonaws.com)
formatFile format of the objects
partition_formatPartition format of your bucket. Options: hive compliant ('year=2024/month=01/day=01'), flat hive compliant ('dt=2024-01-01'), or simple date ('2024/01/01').
prefixPrefix that leads to the start of the expected partition. For example: "/foobar/year=2024/month=01/day=01/". The prefix is foobar.
record_locationLocation of the record in the object. Applies only for JSON objects. Leave empty for the entire record.
regionOptional region for the object storage service. This is often required for services like AWS S3.
skip_ssl_verificationSkip SSL verification for self-signed certificates
use_path_styleWhether to use path-style URLs (bucket.endpoint.com/object vs endpoint.com/bucket/object). Most S3-compatible services require this to be true.
offlineenrollmentlogs.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
offlineenrollmentlogs.SettingsConfig
hostThe API hostname for your Duo Security integration.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
onelogin_events.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
onelogin_events.SettingsConfig
subdomainSubDomain is a placeholder that represents your specific OneLogin subdomain.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
opal_events.SettingsConfig
backfill_start_timeDate to start fetching data from. If not specified, a full sync is fetched on the first sync. All syncs thereafter will be incremental.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
openai_audit_logs.SettingsConfig
backfill_start_timeDate to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
opensearch.SettingsConfig
auth_modeThe authentication mode (basic, aws_role)
indexThe name of the OpenSearch index to use.
insecure_skip_verifyWhether to skip TLS certificate verification (not recommended for production).
regionThe AWS Region where the OpenSearch domain is located
role_arnThe AWS IAM Role ARN to assume (used for aws_role auth)
urlThe URL of the OpenSearch instance (must start with https).
usernameThe username for authenticating with OpenSearch (used for basic auth).
operation_logs.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
operation_logs.SettingsConfig
account_idAccount ID for the input
backfill_start_timeDate to start fetching data from. If not specified, data from 6 months ago up till now from zoom is fetched on the first sync. All syncs thereafter will be incremental.
category_typeThe category of logs to pull
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
oracle.SettingsConfig
domainDomain name for the Oracle Cloud service
usernameUsername of Oracle Cloud service user with permissions to access the resource
backfill_start_timeDate to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
org_audit_logs.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
org_audit_logs.SettingsConfig
auth_typeAuthentication type to use
backfill_start_timeDate to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
github_app_installation_idGitHub App Installation ID (required when using GitHub App authentication)
github_client_idGitHub Client ID (alternative to personal access token)
includeEvent types to include. web: Gets all web (non-git) events. git: Gets git events. all: Gets both.
organizationYour GitHub organization name
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
outputs.ConnectorMeta
auth_typebilling_typecategoryconfigdescriptionhousein_betainternalnamerelease_datetiertype_idownbackup_account_events.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
ownbackup_account_events.SettingsConfig
regionRegion of the OwnBackup instance
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
pagerduty.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
pagerduty.SettingsConfig
AlertsConfig contains configuration options that apply only when EventType is set to 'alert'
default_event_typeEventType determines whether events are sent as 'change' or 'alert' events. We recommend reading the docs for this output before making this choice.
SummaryConfig allows customization of event summary messages displayed in PagerDuty
pagerduty.alertsConfig
classClass defines the class/type of the event based on the input source. Defaults to an empty value.
groupA cluster or grouping of sources. For example, sources "prod-datapipe-02" and "prod-datapipe-03" might both be part of "prod-datapipe". Applicable if event type is set to alerts. Defaults to an empty value.
severityIndicates the severity of the impact to the affected system. Applicable for you if event type is set to alerts. Defaults to 'critical'.
pagerduty.eventType
EventType determines whether events are sent as 'change' or 'alert' events. We recommend reading the docs for this output before making this choice.
pagerduty.summaryConfig
alert_sourcealertSource is the source identifier for alert events. Defaults to 'monad-platform'.
alert_summaryalertSummary is the custom summary message for alert events. Defaults to 'Monad triggered alert event'.
change_sourcechangeSource is the source identifier for change events. Defaults to 'monad-platform'.
change_summarychangeSummary is the custom summary message for change events. Defaults to 'Monad triggered change event'.
pagerduty_audit_records.SecretsConfig
APIKey for GreyNoise Community API
pagerduty_audit_records.SettingsConfig
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
palo_alto_data_security_alerts.SecretsConfig
APIKey for GreyNoise Community API
palo_alto_data_security_alerts.SettingsConfig
base_urlURL of the organization
backfill_start_timeDate to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
parquet.ParquetFormatter
schemapolymer.SettingsConfig
domain_nameTODO: Name of domain added on Polymer Hub portal
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
postgresql.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
postgresql.SettingsConfig
column_namesThe column names to write data to, must match the root fields of the data If not provided all root fields will be used
databaseThe database name to connect to
hostThe host of the PostgreSQL database
portThe port of the PostgreSQL database
tableThe table name to write data to
userThe user to connect to the PostgreSQL database
postman_audit_logs.SecretsConfig
APIKey for GreyNoise Community API
postman_audit_logs.SettingsConfig
backfill_start_timeDate to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
prometheus.BasicVariant
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
prometheus.SettingsConfig
endpointlabel_fieldstimestamp_fieldtls_skip_verifyvalue_fieldpubsub.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
pubsub.SettingsConfig
domain_urlDomain URL for the Salesforce instance
organization_idOrganization ID for the Salesforce instance
topicPub/Sub topic to subscribe to
rename_key_where_value_eq.ArgumentsConfig
keyThe key to rename
new_keyThe new key to rename to
valueThe value to check for
rootly_audit_logs.SecretsConfig
APIKey for GreyNoise Community API
rootly_audit_logs.SettingsConfig
backfill_start_timeDate to start fetching data from.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
routes.CreateOrganizationRequest
namebilling_account_iddescriptionfriendly_nameroutes.GetInputResponse
created_atdescriptionidmanaged_bynameorganization_idtypeupdated_atroutes.GetOutputResponse
created_atdescriptionidmanaged_bynameorganization_idtypeupdated_atroutes.GetTransformResponse
created_atdescriptionidmanaged_bynameorganization_idupdated_atroutes.UserWithRoles
created_atemailidupdated_atusernameroutesV2.ApplyTransformationResponse
bytes_afterbytes_beforepercentage_changerecordsroutesV2.CreateAPIKeyRequest
expiration_timenamerole_iddescriptionroutesV2.CreateBillingAccountRequest
billing_emailEmail address for billing
nameName of the billing account
descriptionDescription of the billing account
routesV2.CreateBillingAccountRoleRequest
nameName of the role
permissionsPermission slugs for the role
descriptionDescription of the role
routesV2.CreateBillingAccountSubscriptionRequest
product_idProductID is the ID of the product to subscribe to
routesV2.CreateBillingAccountSubscriptionResponse
checkout_urlCheckoutURL is a secure URL to add payment information and subscribe to the product
routesV2.CreateOutputRequest
descriptionnameoutput_typepromise_idroutesV2.CreatePipelineRequest
enablednamedescriptionroutesV2.CreateRoleV2Request
namepermission_idsdescriptionroutesV2.PipelineRequestEdge
from_node_instance_idto_node_instance_iddescriptiondisablednameroutesV2.PipelineRequestNode
component_idcomponent_typeenabledidslugroutesV2.SecretResponse
created_atdescriptionidnameorganization_idupdated_atroutesV2.StorageTypeDetailsResponse
end_atorganization_idorganization_namestart_atroutesV2.StorageTypeOutputDetailResponse
egress_bytesegress_gbingress_bytesingress_gbinput_idoutput_idpipeline_idstorage_typeroutesV2.UpdateBillingAccountRequest
billing_emailEmail address for billing
descriptionDescription of the billing account
nameName of the billing account
routesV2.UpdateBillingAccountRoleRequest
descriptionDescription of the role
nameName of the role
permissionsPermission slugs for the role
routesV2.UpdatePipelineRequest
enablednamedescriptionroutesV2.organizationOverview
disabledhealthyunhealthyerrorsexpired_messageslast_ingested_timeroutesV2.pipelineStatus
pipeline_idpipeline_namestatuserrorsexpired_messageslast_ingested_timeroutesV2.pipelineWithStatus
idstatuslast_ingested_timeroutesV3.CreateAlertRuleRequest
activeActive indicates whether the alert rule is active
descriptionDescription of the alert rule
nameName of the alert rule
pipeline_idsPipeline IDs that this alert rule applies to
RuleConfig contains the configuration for the alert rule
severitySeverity level of the alert (e.g., "critical", "warning", "info")
typeType of the alert rule
routesV3.CreateChildOrganizationRequest
namedescriptionfriendly_nameroutesV3.CreateConnectionRequest
descriptionDescription of the connection
nameName of the connection
SAML is the configuration for SAML connections
routesV3.GetEnrichmentResponse
created_atdescriptionidmanaged_bynameorganization_idtypeupdated_atroutesV3.UpdateAlertRuleRequest
activeActive indicates whether the alert rule is active
descriptionDescription of the alert rule
nameName of the alert rule
pipeline_idsPipeline IDs that this alert rule applies to
RuleConfig contains the configuration for the alert rule
severitySeverity level of the alert (e.g., "critical", "warning", "info")
routesV3.UpdateConnectionRequest
descriptionConnection Description to be updated
nameConnection Name to be updated
s3.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
s3.SettingsConfig
controls when a batch of records is sent by limiting the number of records, total size, and maximum time elapsed
bucketThe name of the S3 bucket where data will be stored
compressionThe compression method to be applied to the data before storing in S3
The format config to use
partition_formatDirectory structure used to partition stored objects. Options: simple date (e.g., '2024/01/01'), hive compliant (e.g., 'year=2024/month=01/day=01'), and flat hive compliant (e.g., 'dt=2024-01-01').
prefixAn optional prefix for S3 object keys to organize data within the bucket
regionThe AWS region where the S3 bucket is located
role_arnThe Amazon Resource Name (ARN) of the IAM role to assume which grants access to the S3 bucket
security_lake.SettingsConfig
controls when a batch of records is sent by limiting the number of records, total size, and maximum time elapsed
bucketNameBucket Name
bucket_urlThe name of the S3 bucket where data will be stored
keyS3 Key
Configuration for formatting data in Apache Parquet format
role_arnThe Amazon Resource Name (ARN) of the IAM role to assume which grants access to the S3 bucket
Details about the source AWS account and region for Security Lake
security_lake.SourceAccountDetails
source_account_idSource AWS Account ID
source_regionSource AWS Region
semgrep_code_findings.SecretsConfig
APIKey for GreyNoise Community API
semgrep_code_findings.SettingsConfig
backfill_start_timeDate to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
semgrep_supply_chain_findings.SecretsConfig
APIKey for GreyNoise Community API
semgrep_supply_chain_findings.SettingsConfig
backfill_start_timeDate to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
sentinel.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
sentinel.SettingsConfig
endpointThe Azure Monitor Data Collection Rule (DCR) ingestion endpoint URL.
rule_idThe unique identifier of the Data Collection Rule (DCR).
stream_nameThe name of the data stream defined in the Data Collection Rule.
sentry_org_audit_logs.SecretsConfig
APIKey for GreyNoise Community API
sentry_org_audit_logs.SettingsConfig
host_nameFor self-hosted, specify your host name here. Otherwise, leave it default as sentry.io.
org_slugThe ID or slug of the organization
backfill_start_timeDate to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
slack_enterprise_audit_logs.SettingsConfig
backfill_start_timeDate to start fetching data from. Dates before March 2018 are valid but will result in an error during validation.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
snowflake_input.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
snowflake_input.SettingsConfig
accountThe unique identifier for your Snowflake account, typically in the form of 'organization-account_name'.
auth_typeAuthentication type: "password" or "private key"
cronCron string for scheduling the ingest of your input
databaseThe name of the Snowflake database to connect to and perform operations on
roleThe name of the Role your service account was granted which can access your resources.
schemaThe schema within the Snowflake database where the target table resides.
timestamp_columnThe column containing timestamp values used for incremental loading
userThe username of the Snowflake account used to establish the connection.
warehouseThe Snowflake virtual warehouse to use for executing queries and processing data.
queryOptional custom query to use instead of table (must include timestamp_column)
tableThe name of the table in Snowflake to query data from.
snowflake_output.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
snowflake_output.SettingsConfig
accountThe unique identifier for your Snowflake account, typically in the form of 'organization-account_name'.
auth_typecontrols when a batch of records is sent by limiting the number of records, total size, and maximum time elapsed
case_insensitivityTreat column names as case-insensitive (convert to uppercase) to match Snowflake's default behavior.
databaseThe name of the Snowflake database to connect to and perform operations on
roleThe name of the Role your service account was granted which can access your resources.
schemaThe schema within the Snowflake database where the target table resides.
stageThe name of the Snowflake stage where the data will be copied to. Monad create or replace the stage.
tableThe name of the table in Snowflake where the data will be written. If the table doesn't exist Monad will create the table.
userThe username of the Snowflake account used to establish the connection.
warehouseThe Snowflake virtual warehouse to use for executing queries and processing data.
snyk_issues.SettingsConfig
backfill_start_timeDate to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
snyk_targets.SettingsConfig
backfill_start_timeDate to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
splunk.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
splunk.SettingsConfig
allow_insecureWhether to allow insecure connections (not recommended for production).
indexThe index you want to send data to. If left empty, data is sent to the default index associated with the token. If specified, please read our docs for more context on Splunk token & Index scoping.
portThe port of the Splunk instance.
to_createEnsure this is selected if you want Monad to create the index for you. If you are using a pre-existing index, please leave this deselected. Read our docs for more context on Splunk token & Index scoping.
urlThe URL of the Splunk instance (must start with http or https).
usernameRepresents an administrative account to manage indices. Used to create an index, hence can be left empty if default index is to be used.
sumologic.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
sumologic.SettingsConfig
Additional metadata to send with each source.
urlThe URL of the Sumo Logic instance.
sumologic.SourceMetadata
custom_source_categoryDesired source category. Useful if you want to override the source category configured for the source.
custom_source_hostDesired source host. Useful if you want to override the source host configured for the source.
custom_source_nameDesired source name. Useful if you want to override the source name configured for the source.
sumologic.SumoField
field_nameName of the field to reference.
field_valueValue of the field to reference.
synthetic_data.SettingsConfig
rateThe rate at which to generate records (between 1 and 1000) per second
record_typeThe type of record to generate
synthetic_data_custom.SettingsConfig
custom_templateA custom template using the functions we provide to generate demo data
rateThe rate at which to generate records (between 1 and 1000) per second
tanium_graphql_input.SettingsConfig
base_urlThe base URL of your GraphQL endpoint including the path
enable_paginationEnable pagination support
graphql_queryThe GraphQL query to execute against the endpoint to fetch data
has_next_page_pathJSONPath location to check if there are more pages
interval_secondsTime interval in seconds between consecutive GraphQL API calls
pagination_cursor_pathJSONPath location for pagination cursor/token
record_locationJSONPath location of the records array in the GraphQL response
GraphQL query variables to pass with each request
team_access_logs.SecretsConfig
APIKey for GreyNoise Community API
team_access_logs.SettingsConfig
backfill_start_timeStart time for backfilling data
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
team_integration_logs.SecretsConfig
APIKey for GreyNoise Community API
team_integration_logs.SettingsConfig
backfill_start_timeStart time for backfilling data
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
telephony_logs.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
telephony_logs.SettingsConfig
hostThe API hostname for your Duo Security integration.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
tenable_assets.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
tenable_assets.SettingsConfig
backfill_start_timeDate to start fetching assets from. If not specified, a full sync of assets is fetched on the first sync. All syncs thereafter will have incremental data.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
tenable_assets_cron.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
tenable_assets_cron.SettingsConfig
cronCron expression to schedule the data collection.
tenable_vulnerabilities.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
tenable_vulnerabilities.SettingsConfig
backfill_start_timeDate to start fetching vulnerabilities from. If not specified, a full sync of assets is fetched on the first sync. All syncs thereafter will have incremental data.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
tenable_vulnerabilities_cron.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
tenable_vulnerabilities_cron.SettingsConfig
cronCron expression to schedule the data collection.
tines_audit_logs.SecretsConfig
APIKey for GreyNoise Community API
tines_audit_logs.SettingsConfig
tenant_domainThe Tines tenant domain (e.g., your-org.tines.com)
backfill_start_timeDate to start fetching data from. If not specified, will fetch from the most recent data available.
operation_namesFilter by specific operation names (optional)
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
user_idsFilter by specific user IDs (optional)
tines_events_logs.SecretsConfig
APIKey for GreyNoise Community API
tines_events_logs.SettingsConfig
tenant_urlUnique URL for your Tines instance
backfill_start_timeDate to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
story_idFilter by the given story.
team_idFilter by the given team.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
twilio_events.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
twilio_events.SettingsConfig
actor_sidOnly includes events initiated by this Actor. Useful for auditing actions taken by specific users or API credentials.
event_typeOnly includes events of a specific event type: https://www.twilio.com/docs/usage/monitor-events#event-types
replication_start_timeOnly include events after this time for the initial sync. If not specified, returns all events from the start. Must be a valid ISO 8601 formatted datetime string: yyyy-MM-dd'T'HH:mm:ss'Z'
resource_sidOnly include events that refer to this resource. Useful for discovering the history of a specific resource.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
twilio_sendgrid_email_activity.SettingsConfig
backfill_start_timeDate to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
types.StringComparison
The operator to use when comparing values in the filter.
This member is required.
types.StringFilter
comparisonThe operator to use when comparing values in the filter.
This member is required.
valueThe value to filter on.
This member is required.
universal.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
universal.SettingsConfig
instance_nameName of the ServiceNow instance
streamsServiceNow streams to fetch data from
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
utc_timestamp.ArgumentsConfig
formatThe format of the timestamp
keyThe key to store the timestamp in
utc_timestamp.TimestampFormat
The format of the timestamp
vercel_user_events.SettingsConfig
backfill_start_timeDate to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
use_synthetic_dataGenerate synthetic data for testing, instead of connecting to a real data source. Defaults to an hourly cron schedule for cron-based inputs.
with_payloadWhether to include detailed payload information in the events.
voltio_audit_logs.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
voltio_audit_logs.SettingsConfig
base_urlBase URL of your Volt.io API instance (e.g., https://api.volt.io)
backfill_start_timeDate to start fetching data from. If not specified, defaults to 90 days ago. All syncs thereafter will be incremental.
customer_idOptional: Filter audit logs by specific customer ID
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
vulnerability_findings.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
vulnerability_findings.SettingsConfig
asset_typesAsset types for Wiz. Ex: 'VIRTUAL_MACHINE', 'CONTAINER', etc.
endpoint_urlEndpoint URL for the Wiz API. Ex: 'https://api.wiz.io/v1/vulnerability-findings'.
asset_statusAsset status types for Wiz. Ex: 'ACTIVE', 'INACTIVE'.
backfill_start_timeDate to start fetching data from. If not specified, Data is fetched since one year ago. All syncs thereafter will be of incremental data.
detection_methodDetection method types for Wiz. Ex: 'AGENT', 'CLOUD', 'AGENT_CLOUD'.
statusStatus types for Wiz. Ex: 'OPEN', 'RESOLVED'.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
vendor_severityVendor severity types for Wiz. Ex: 'CRITICAL', 'HIGH', 'MEDIUM', 'LOW'
vulnerability_findings_report.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
vulnerability_findings_report.SettingsConfig
asset_typesAsset types for Wiz. Ex: 'VIRTUAL_MACHINE', 'CONTAINER', etc.
endpoint_urlEndpoint URL for the Wiz API. Ex: 'https://api.wiz.io/v1/vulnerability-findings'.
asset_statusAsset status types for Wiz. Ex: 'ACTIVE', 'INACTIVE'.
cronCron string for scheduling the ingest of your input
detection_methodDetection method types for Wiz. Ex: 'AGENT', 'CLOUD', 'AGENT_CLOUD'.
statusStatus types for Wiz. Ex: 'OPEN', 'RESOLVED'.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
vendor_severityVendor severity types for Wiz. Ex: 'CRITICAL', 'HIGH', 'MEDIUM', 'LOW'
wiz_audit_logs.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
wiz_audit_logs.SettingsConfig
tenant_data_centerDataCenter represents the tenant's data center location. Enter a tenant data center, e.g., "us1", "us2", "us3"
backfill_start_timeDate to start fetching data from up to 180 days. If not specified, a sync of 180 days back is fetched on the first sync. All syncs thereafter will be incremental.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
zendesk_audit_logs.AuthType
AuthType is the type of authentication used for the input
zendesk_audit_logs.SecretsConfig
APIKey for GreyNoise Community API
zendesk_audit_logs.SettingsConfig
auth_typeAuthType is the type of authentication used for the input
sub_domainThis is the subdomain found in your Zendesk account URL For example, if the URL is https://demo.zendesk.com then the subdomain will be demo
email_addressThis is the email address registered with your Zendesk account
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.