Schemas
abs.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
abs.SettingsConfig
account_urlRepresents your storage account in Azure. Typically of the format https://{account}.blob.core.windows.net.
Controls when a batch of records is sent by limiting the number of records, total size, and maximum time elapsed.
compressionThe compression method to be applied to the data before storing in Azure
containerA container organizes a set of blobs, similar to a directory in a file system.
The format config to use
partition_formatDirectory structure used to partition stored objects. Options: simple date (e.g., '2024/01/01'), hive compliant (e.g., 'year=2024/month=01/day=01'), and flat hive compliant (e.g., 'dt=2024-01-01').
prefixAn optional prefix for Azure object keys to organize data within the container
add_id.ArgumentsConfig
keyThe key to add to the record with id value
typeThe type of the identifier
admin_logs.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
admin_logs.SettingsConfig
hostuse_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
aiven_service_logs.SettingsConfig
backfill_start_timeDate to start fetching data from. If not specified, a full sync is fetched on the first sync. All syncs thereafter will be incremental.
projectThe Aiven project name
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
serviceThe Aiven service name
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
alerts.AlertMeta
categoryconfigdescriptiongranularityhouseinternalmanaged_bynametiertype_idarize_audit_logs.SecretsConfig
APIKey for GreyNoise Community API
arize_audit_logs.SettingsConfig
backfill_start_timeDate to start fetching data from.
interval_secondsTime interval in seconds between consecutive GraphQL API calls
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source
auth_logs.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
auth_logs.SettingsConfig
hostuse_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
authenticationtypes.AuthenticationMethod
confirmedcreated_atcredential_backed_upcredential_device_typeemailidkey_idlink_idnamephone_numberpublic_keytypeuser_agentauthenticationtypes.TokenResponse
access_tokenemailexpires_inid_tokenrefresh_tokentoken_typeaws_guardduty.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
aws_guardduty.SettingsConfig
backfill_start_timeDate to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
regionThe AWS region where GuardDuty is enabled.
role_arnThe ARN of the IAM role to assume for accessing GuardDuty.
severityFilter findings by severity levels.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
aws_s3.SettingsConfig
bucketName of the S3 bucket.
compressionCompression format of the S3 objects.
formatFile format of the S3 objects.
partition_formatPartition format of your S3 bucket. Options: hive compliant ('year=2024/month=01/day=01'), flat hive compliant ('dt=2024-01-01'), or simple date ('2024/01/01').
schemaOrdered list of column names for headerless delimited files (e.g. PSV). Applies to the "delimited" format only; the "csv" and "wsv" formats always read column names from the first row and ignore this field.
backfill_start_timeDate to start fetching data from. If not specified, a full sync of data upto now would be performed on the first sync. All syncs thereafter will be incremental.
Optional S3 key filter. nil pointer = no filtering.
prefixPrefix of the S3 object keys to read.
record_locationLocation of the record in the JSON object. This can be ignored if the record is not in JSON format. Leave empty if you want the entire record.
regionAWS Region of your bucket.
role_arnRole ARN to assume when reading from S3.
aws_sqs_s3_cloudtrail.ChunkingMode
ChunkingMode for the Records array. Empty → by_size.
aws_sqs_s3_cloudtrail.SettingsConfig
queue_urlregionchunking_modeChunkingMode for the Records array. Empty → by_size.
exclude_digest_filesExcludeDigestFiles skips keys containing "/CloudTrail-Digest/" (hash signatures, not events).
role_arnuses_snswith_metadataawssqsoutput.QueueType
The type of SQS queue to use. Can be either "standard" or "fifo".
awssqsoutput.SettingsConfig
message_group_idThe message group ID for FIFO queues. This is required for FIFO queues.
queue_typeThe type of SQS queue to use. Can be either "standard" or "fifo".
queue_urlThe URL of the SQS queue to poll for messages.
regionThe AWS region where the SQS queue is located.
role_arnThe ARN of the IAM role to assume for accessing the SQS queue.
awssqss3.SettingsConfig
compressionCompression of S3 objects. oneof must mirror compression_handlers.ListCompressions(); TestCompressionFormatTagDrift guards drift.
formatFormat of S3 objects. oneof must mirror format_handlers.ListFormats(); TestCompressionFormatTagDrift guards drift. csv is omitted because format_handlers' package init wipes its Formats map after per-file inits register, so ListFormats() doesn't include csv today.
queue_urlregionOptional S3 key filter. nil pointer = no filtering.
record_locationRecord location within each parsed object. JSON only; empty = whole record.
role_arnuses_snswith_metadataaxiom.SettingsConfig
datasetName of the Axiom dataset in which data will be written
azure_activity_logs.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
azure_activity_logs.SettingsConfig
correlation_idThe correlation ID of the log
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
resource_group_nameThe name of the resource group
resource_providerThe provider of the resource
resource_uriThe URI of the resource
subscription_idThe subscription ID of the Azure subscription
tenant_idThe tenant ID of the Azure AD application
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
azure_blob_storage.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
azure_blob_storage.SettingsConfig
account_urlRepresents your storage account in Azure. Typically of the format https://{account}.blob.core.windows.net.
backfill_start_timeStarting timestamp for initial data sync. Only processes blobs with a last modified time after this timestamp on the initial sync. If not specified, all available data from the specified prefix will be processed. Incremental syncs automatically continue from the last processed timestamp, scanning from the previous day's partition forward to catch late-arriving data. Files updated in partitions older than the current state's previous prefix will not be detected.
compressionThe compression format of objects in the Azure container
containerA container organizes a set of blobs, similar to a directory in a file system.
formatFile format of the Blob storage objects in Azure.
partition_formatPartition format of your Azure container. Options: hive compliant ('year=2024/month=01/day=01'), flat hive compliant ('dt=2024-01-01'), or simple date ('2024/01/01').
prefixAn optional prefix for Azure object keys to organize data within the container
record_locationLocation of the record in the object. Applies only for JSON objects. Leave empty for the entire record.
azure_event_hubs.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
azure_event_hubs.SettingsConfig
consumer_groupThe consumer group name for reading events (default: $Default)
event_hub_nameThe name of the specific Event Hub to consume from
event_hub_namespaceThe fully qualified namespace URL (e.g., your-namespace.servicebus.windows.net)
lookback_durationThe duration to look back for events in minutes (default: 60 minutes)
subscription_idThe Azure subscription ID containing your Event Hubs namespace
tenant_idThe Azure Entra ID tenant (directory) ID
azure_vnet_flow_logs.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
azure_vnet_flow_logs.SettingsConfig
prefixregionThe Azure region where the virtual network is located
resource_group_nameThe name of the resource group containing the virtual network
storage_account_urlThe Azure storage account URL where flow logs are stored
subscription_idThe Azure subscription ID where the virtual network and storage account are located
tenant_idThe Azure Entra ID tenant (directory) ID.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
virtual_network_nameThe name of the virtual network for which flow logs are being collected
backblaze.SettingsConfig
Controls when a batch of records is sent by limiting the number of records, total size, and maximum time elapsed.
bucketThe name of the B2 bucket where data will be stored
compressionThe compression method to be applied to the data before storing in B2
The format config to use
partition_formatDirectory structure used to partition stored objects. Options: simple date (e.g., '2024/01/01'), hive compliant (e.g., 'year=2024/month=01/day=01'), and flat hive compliant (e.g., 'dt=2024-01-01').
prefixAn optional prefix for B2 object keys to organize data within the bucket
regionThe B2 region/endpoint (e.g., us-west-001)
backblaze_b2.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
backblaze_b2.SettingsConfig
backfill_start_timeDate to start fetching data from
bucketName of the B2 bucket
compressionCompression format of the B2 objects
formatFile format of the B2 objects
partition_formatPartition format of your B2 bucket. Options: hive compliant ('year=2024/month=01/day=01'), flat hive compliant ('dt=2024-01-01'), or simple date ('2024/01/01').
prefixPrefix of the B2 object keys to read
record_locationLocation of the record in the object. Applies only for JSON objects. Leave empty for the entire record.
regionB2 Region of your bucket (e.g., us-west-001, us-west-002, eu-central-003)
batch_config.BatchConfig
batch_data_sizebatch_record_countpublish_ratebigquery.SettingsConfig
datasetThe name of the BigQuery dataset where the table resides
project_idThe Google Cloud Project ID where the BigQuery instance is located
tableThe name of the table where the data will be written
bigquery_input.SettingsConfig
datasetThe BigQuery dataset ID containing the table
projectThe GCP project ID containing the BigQuery dataset
queryOptional custom query to use instead of table (must include timestamp_column)
tableThe BigQuery table ID to query data from
timestamp_columnThe column containing timestamp values used for incremental loading
bitwarden_events.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
bitwarden_events.SettingsConfig
backfill_start_timeDate to start fetching data from. If not specified, will fetch from the most recent data available.
base_urlBase URL for self-hosted Bitwarden instance (required if region is SelfHosted)
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
regionRegion of the Bitwarden instance: US, EU, or SelfHosted (default: US)
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
box_events.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
box_events.SettingsConfig
backfill_start_timeDate to start fetching data from. If not specified, data from 1 year ago upto now from box is fetched on the first sync. All syncs thereafter will be incremental.
event_typeA list of event types to filter by.
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
brinqa_audit_logs.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
brinqa_audit_logs.SettingsConfig
backfill_start_timeDate to start fetching data from. If not specified, a full sync is fetched on the first sync. All syncs thereafter will be incremental.
hostnameThe Brinqa environment hostname (e.g., "ssb.brinqa.net")
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
bugsnag_org_events.SettingsConfig
backfill_start_timeDate to start fetching data from.
organization_idOrganization ID
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
buildkite_audit_logs.SettingsConfig
backfill_start_timeGenerate synthetic demo data instead of connecting to the real data source.
UseSyntheticData bool json:"use_synthetic_data"
Date to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
org_slugThe URL slug of your Buildkite organizations
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
buildkite_graphql_input.SettingsConfig
enable_paginationEnable pagination support
graphql_queryThe GraphQL query to execute against the endpoint to fetch data
has_next_page_pathJSONPath location to check if there are more pages
interval_secondsTime interval in seconds between consecutive GraphQL API calls
pagination_cursor_pathJSONPath location for pagination cursor/token
record_locationJSONPath location of the records array in the GraphQL response
GraphQL query variables to pass with each request
cisa_user.SettingsConfig
backfill_start_timeDate to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
cloud_configuration_findings.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
cloud_configuration_findings.SettingsConfig
endpoint_urlEndpoint URL for the Wiz API. Ex: 'https://api.wiz.io/v1/cloud-configuration-findings'.
backfill_start_timeDate to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
resultResult types for Wiz. Ex: 'PASSED', 'FAILED', 'ERROR', 'NOT ASSESSED'.
severitySeverity types for Wiz. Ex: 'CRITICAL', 'HIGH', 'MEDIUM', 'LOW', 'NONE'.
statusStatus types for Wiz. Ex: 'OPEN', 'RESOLVED', 'REJECTED'.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
cloud_logs.SettingsConfig
enable_proto_payload_parsingEnables automatic parsing of embedded protocol buffer payloads within the input.
filterThe filter to apply to the logs.
resource_namesThe resources to query logs from.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
cloud_resource_inventory.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
cloud_resource_inventory.SettingsConfig
endpoint_urlEndpoint URL for the Wiz API. Ex: 'https://api.wiz.io/v1/cloud-resource-inventory'.
entityTypeEntity types for Wiz.
backfill_start_timeDate to start fetching data from. If not specified, A Wiz report is generated on the first sync. All syncs thereafter will be of incremental data.
cloudPlatformCloud Platform types for Wiz. Ex: 'AWS', 'AZURE', 'GCP'.
full_snapshotFullSnapshot indicates whether to fetch a full snapshot of the cloud resource inventory.
intervalDefines how frequently (in hours) the system polls the Wiz API to retrieve updated data. Only applicable when full_snapshot is enabled. The interval timer begins after each sync operation completes.
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
cloudflare_ddos_attack_analytics.SecretsConfig
APIKey for GreyNoise Community API
cloudflare_ddos_attack_analytics.SettingsConfig
account_idCloudflare Account ID
backfill_start_timeThe date to start fetching data from (RFC3339 format). If not specified, fetches all available data within API retention limits.
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
cloudflare_firewall_events.SecretsConfig
APIKey for GreyNoise Community API
cloudflare_firewall_events.SettingsConfig
include_bot_fieldsInclude Bot Management fields (requires Enterprise plan with Bot Management add-on)
lookback_durationInitial lookback duration for first sync (e.g., "24h", "168h"). Respects API retention limits.
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
zone_idCloudflare Zone ID
cloudflare_http_requests.SecretsConfig
APIKey for GreyNoise Community API
cloudflare_http_requests.SettingsConfig
fieldsFields to include in the query. Leave empty to use default curated list. Only fields available to your account will be included (validated against API). Maximum 50 fields due to API constraints.
lookback_durationInitial lookback duration for first sync (e.g., "24h", "168h"). Respects API retention limits.
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
zone_idCloudflare Zone ID
cloudflare_url_scanner.SecretsConfig
APIKey for GreyNoise Community API
cloudflare_url_scanner.SettingsConfig
account_idCloudflare Account ID
backfill_start_timeDate to start fetching data from (RFC3339 format). Note: Historical data availability depends on your Cloudflare plan (Free: last 50 scans, Self Serve: 30 days, Enterprise: 12 months, Cloudforce One: unlimited)
filter_my_scansFilter to only show scans created by the current API token
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source
cloudflare_zero_trust_access_requests.SecretsConfig
APIKey for GreyNoise Community API
cloudflare_zero_trust_access_requests.SettingsConfig
account_idCloudflare Account ID
backfill_start_timeDate to start fetching data from (RFC3339 format)
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source
cloudtrail.SettingsConfig
backfill_start_timeDate to start fetching data from. If not specified, a full sync of data upto now would be performed on the first sync. All syncs thereafter will be incremental.
bucketThe name of the S3 bucket
prefixPrefix of the S3 object keys to read.
regionThe region of the S3 bucket
role_arnThe ARN of the role to assume to access the bucket
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
clumio_audit_logs.SettingsConfig
backfill_start_timeDate to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
regionThe region associated with your Clumio account
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
clumio_consolidated_alerts.SettingsConfig
backfill_start_timeDate to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
parent_entity_idThe system-generated ID of the parent entity that is associated with the primary entity affected by the alert.
parent_entity_typeThe system-generated name of the parent entity that is associated with the primary entity affected by the alert.
regionThe region associated with your Clumio account
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
coda_audit_events.SettingsConfig
backfill_start_timeDate to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
org_idCoda Organization ID.
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
common.AuthConfig
typecommon.GitHubAppVariant
client_idinstallation_idAPIKey for GreyNoise Community API
common.PersonalAccessTokenVariant
APIKey for GreyNoise Community API
community_edition.SecretsConfig
APIKey for GreyNoise Community API
community_edition.SettingsConfig
destination_pathDestinationPath is the path where the GreyNoise data will be stored
error_on_rate_limitErrorOnRateLimit determines if rate limiting should cause an error (true) or return custom response (false)
ip_address_pathIPAddressPath is the path to a field containing an IP address to look up
no_match_responseNoMatchResponse is the value to add when no match is found
omit_metadatarate_limit_responseRateLimitResponse is the value to add when rate limited
community_transforms_internal.TransformConfig
authorcontributorsdescriptioninputsnametagscommunity_transforms_internal.TransformMetadata
authorcontributorscreated_atdescriptioninputslast_modifiednamepathtagscommunity_transforms_internal.TransformsIndex
last_updatedschema_hashHash of the schema structure
convert_timestamp.ArgumentsConfig
source_formatRequired: Format of source timestamp
source_format_customOptional: Custom Go time layout (only if SourceFormat = "custom")
source_keyRequired: JSONPath to source timestamp field
source_timezoneOptional: Source timezone (default: UTC)
target_formatRequired: Format of source timestamp
target_format_customOptional: Custom target format (only if TargetFormat = "custom")
target_keyOptional: Target field (if empty, overwrites SourceKey)
target_timezoneOptional: Target timezone (default: UTC)
convert_timestamp.TimestampFormat
Required: Format of source timestamp
cortex_xsoar_management_logs.SecretsConfig
APIKey for GreyNoise Community API
cortex_xsoar_management_logs.SettingsConfig
api_key_idAPI Key ID for authentication
domain_nameDomain name of the Cortex XSOAR instance
backfill_start_timeStart time for backfilling data
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
create_key_value_if_key_value.ArgumentsConfig
keyThe key to add to the record
key_to_watchThe key to watch for
valueThe value to add to the record
value_to_watchThe value to watch for
cribl_http.SettingsConfig
ingress_addressYour group's ingress address found in your group information panel. This is the hostname where your Cribl instance is accessible.
pathThe path you've set for your HTTP Source's HTTP Event API. This is the endpoint path where data will be sent. Note: You do not need to append _bulk to this path as monad already does this for you.
portThe port you've set your HTTP Source to listen on. This should be the port number where your Cribl HTTP Source is configured to receive data.
customer_event_data.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
customer_event_data.SettingsConfig
environmentDetermines the URI {environment}.docusign.com
user_idUser id of the Docusign admin
backfill_start_timeDate to start fetching data from in RFC3339 format. If not specified, a full sync of data upto now would be performed on the first sync (since the previous 7 days). You must specify a backfill time to query for data for a time before 7 days. All syncs thereafter will be incremental.
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
databricks_delta_table.AutoLoaderWriteMode
volumeThe Unity Catalog Volume used for staging JSONL files for Autoloader to ingest.
databricks_delta_table.CopyIntoWriteMode
http_pathThe SQL warehouse HTTP path from connection details (e.g. /sql/1.0/warehouses/abc123). Required for copy_into mode; not needed for autoloader.
table_nameThe target Delta table name. Required for copy_into mode. If the table doesn't exist, Monad will create it.
volumeThe Unity Catalog Volume used for staging JSONL files before COPY INTO.
databricks_delta_table.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
databricks_delta_table.SettingsConfig
Controls when a batch of records is sent by limiting the number of records, total size, and maximum time elapsed.
catalogThe Unity Catalog name
schemaThe target schema within the catalog
server_hostnameThe Databricks workspace hostname (e.g. adb-1234567890.azuredatabricks.net)
The write mode controls how data is loaded.
databricks_delta_table.WriteMode
write_modedatabricks_delta_table.ZeroBusWriteMode
regionThe Databricks workspace region (e.g. us-west-2) used to form the ZeroBus data-plane endpoint.
table_nameThe target Delta table name. The table must already exist with the expected schema.
workspace_idThe numeric Databricks workspace ID used to scope the ZeroBus OAuth token and form the data-plane endpoint.
databricks_lakehouse.AutoLoaderWriteMode
volumeThe Unity Catalog Volume used for staging JSONL files
Who manages the Auto Loader ingestion pipeline; omitted means self-managed
databricks_lakehouse.MonadManagedPipeline
intervalHow often the pipeline runs, in minutes; defaults to 60
table_nameThe bronze table the pipeline writes into; defaults to bronze_
databricks_lakehouse.PipelineConfig
modedatabricks_lakehouse.SettingsConfig
Controls when a batch of records is sent by limiting the number of records, total size, and maximum time elapsed.
catalogThe Unity Catalog name
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
schemaThe target schema within the catalog
server_hostnameThe Databricks workspace hostname (e.g. adb-1234567890.azuredatabricks.net)
The write mode: autoloader stages files for Databricks Autoloader to ingest; zerobus sends data via the ZeroBus streaming protocol
databricks_lakehouse.WriteMode
write_modedatabricks_lakehouse.ZeroBusWriteMode
regiontable_nameworkspace_iddatabricks_lakewatch.AutoLoaderPipelineWriteMode
pipeline_intervalHow often the ingestion Job runs, in minutes. Range: 5 to 1440 (24h).
tableThe target table to ingest staged files into
volumeThe Unity Catalog Volume used for staging JSONL files
databricks_lakewatch.AutoLoaderWriteMode
volumeThe Unity Catalog Volume used for staging JSONL files
databricks_lakewatch.SettingsConfig
Controls when a batch of records is sent by limiting the number of records, total size, and maximum time elapsed.
catalogThe Unity Catalog name
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
schemaThe target schema within the catalog
server_hostnameThe Databricks workspace hostname (e.g. adb-1234567890.azuredatabricks.net)
The write mode: autoloader stages files for Databricks Autoloader to ingest; zerobus sends data via the ZeroBus streaming protocol
databricks_lakewatch.WriteMode
write_modedatabricks_lakewatch.ZeroBusWriteMode
regiontable_nameworkspace_iddatadog.SettingsConfig
ddsourceThe integration name associated with your log: the technology from which the log originated. When it matches an integration name, Datadog automatically installs the corresponding parsers and facets.
ddtagsTags associated with your logs.
domain_urlThe base domain of the Datadog API (e.g., us5.datadoghq.com). Logs are sent to https://http-intake.logs.<DOMAIN_URL>/api/v2/logs
hostnameThe name of the originating host of the log.
serviceThe name of the application or service generating the log events. It is used to switch from Logs to APM, so make sure you define the same value when you use both products.
defender_for_endpoint_alerts.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
defender_for_endpoint_alerts.SettingsConfig
categoryOptional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
severitytenant_iduse_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
drop_key_where_value_eq.ArgumentsConfig
keyThe key to drop from the record
valueThe value to drop to check for equality with the record's value
drop_record_where_value_eq.ArgumentsConfig
keyThe key which values should be checked
valueThe value to compare with the record's value
duo_security_activity_logs.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
duo_security_activity_logs.SettingsConfig
hostThe API hostname for your Duo Security integration.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
duplicate_key_value_to_key.ArgumentsConfig
keyThe key to duplicate from the record
new_keyThe new key to duplicate the value to
eks_audit_logs.SettingsConfig
backfill_start_timecluster_nameregionrole_arnuse_synthetic_datausesStaticCredselasticsearch.SecretVariant
APIKey for GreyNoise Community API
elasticsearch.SettingsConfig
indexThe name of the Elasticsearch index to write data to. If the index doesn't exist, it will be created automatically.
usernameUsername for authenticating with the Elasticsearch cluster.
auth_typeDEPRECATED: use AuthConfig & ConnectionConfig instead
cloud_idconnection_typeinsecure_skip_verifyIf set to true, it skips verification of the server's TLS certificate. This is insecure and should only be used for testing purposes.
urlencrypt.ArgumentsConfig
Encryption algorithm configuration
keyKey whose value will be encrypted
endor_labs_audit_logs.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
endor_labs_audit_logs.SettingsConfig
namespaceYour Endor Labs organization namespace (e.g., "your-org")
backfill_start_timeDate to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
enrichment.ConnectorMeta
configconnector_categorydescriptionhousein_betainternalnametiertype_identra_id.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
entra_id.SettingsConfig
categoryThe Category of logs to query
tenant_idThe tenant ID of the Azure AD application
workspace_idThe workspace ID of the Log Analytics workspace
backfill_start_timeThe date to start fetching data from on first sync
ingestion_delayThe ingestion delay in seconds for the data source
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
event.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
event.SettingsConfig
app_nameThe application name monad uses to connect to the CrowdStrike data stream. It's important that this name is unique to avoid conflicts with other applications connecting to the same stream. You're advised to use a unique identifier for this application. For example, if you have 2 stream input connections they should not both be named 'monad'.
cloudYour cloud type for CrowdStrike. Ex: 'autodiscover', 'us-1', 'us-2', 'eu-1', 'us-gov-1'.
member_cidIn environments where an entity (like an MSSP) manages security for multiple clients, each client is typically assigned a unique CID. This identifier allows the managing entity to access and operate within the specific customer's environment. This is crucial for scenarios where operational isolation between different clients' data and configurations is necessary.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
flatten.ArgumentsConfig
delimiterThe delimiter to use when flattening for example flattening an array of assets: _ would result in assets_0, assets_1
keyThe key to flatten
flattenall.ArgumentsConfig
delimiterThe delimiter to use when flattening for example flattening an array of assets: _ would result in assets_0, assets_1
formatter.FormatConfig
FormatConfiguration for formatting data in Apache Parquet format
full_scans.SecretsConfig
APIKey for GreyNoise Community API
full_scans.SettingsConfig
org_slugCron expression for scheduling the input
backfill_start_timeDate to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
repoA repository slug to filter full-scans by.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
geolocus.SettingsConfig
destination_pathDestinationPath is the path where Geolocus results will be added to each record
ip_address_pathIPAddressPath is the path to a field containing an IP address to look up
no_match_responseNoMatchResponse is the value to add when no match is found
omit_metadatagithub_actions_workflow_logs_webhook.ScopeConfig
typegithub_actions_workflow_logs_webhook.SettingsConfig
APIKey for GreyNoise Community API
AuthConfig downloads logs; needs actions:read on the scoped repos.
github_com_monad-inc_core_pkg_types_models.Alert
created_atincident start (frozen across re-fires)
descriptionfired_atthis emission's fire time; differs per re-fire
idmetadatanameorganization_idrule_idrule_typeseveritygithub_com_monad-inc_core_pkg_types_models.AlertStatus
clearing_started_atWhen clearing began
resolved_atUnix timestamp when resolved
stategithub_com_monad-inc_core_pkg_types_models.Organization
billing_account_idconnection_idcreated_atdescriptionfriendly_nameidnameparent_organization_idupdated_atgithub_com_monad-inc_core_pkg_types_models.Permission
created_atdescriptionidnameslugupdated_atgithub_com_monad-inc_core_pkg_types_models.Quota
actionbilling_account_idcreated_atcurrent_usagecurrent_usage_updated_atend_atidlimit_amountlimit_typelimit_unitnameorganization_idstart_attimeframeupdated_atgithub_com_monad-inc_core_pkg_types_models.ResourceReference
parent_ide.g., pipeline ID if resource is a node
parent_typeFor hierarchical resources
resource_idresource_type"pipeline", "node", "organization"
github_com_monad-inc_core_pkg_types_models.TimeRange
endEnd is the end of the time range (inclusive)
startStart is the beginning of the time range (inclusive)
gitlab_issues.SecretsConfig
APIKey for GreyNoise Community API
gitlab_issues.SettingsConfig
gitlab_urlGitLab URL (for Custom-Urls when self hosting. Defaults to https://gitlab.com.)
project_idProject ID to get issues for
backfill_start_timeDate to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
confidentialConfidential to filter issues by confidentiality status. Confidential = true means only show confidential issues.
issue_typeIssueType to filter issues by type e.g. issue, incident, etc.
stateState to filter issues by e.g. opened, closed
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
with_label_detailsInclude label details in the response
gke_audit_logs.SecretsConfig
APIKey for GreyNoise Community API
gke_audit_logs.SettingsConfig
cluster_nameThe name of the GKE cluster.
locationThe GCP location (region or zone) where the GKE cluster runs, e.g. us-central1.
project_idThe GCP project ID that contains the GKE cluster.
google_cloud_storage.SettingsConfig
bucket_nameThe name of the Google Cloud Storage bucket to use
compressionCompression format of the Google Cloud Storage objects.
formatThe format of the files in the bucket, e.g., "json", "csv", etc.
partition_formatPartition format of your bucket. Options: hive compliant ('year=2024/month=01/day=01'), flat hive compliant ('dt=2024-01-01'), or simple date ('2024/01/01').
prefixThe prefix to use when reading from the bucket. This is used to filter objects in the bucket.
project_idThe Google Cloud project ID to use
record_locationLocation of the record in the object. Applies only for JSON objects. Leave empty for the entire record.
google_cloud_storage_output.SettingsConfig
Controls when a batch of records is sent by limiting the number of records, total size, and maximum time elapsed.
bucketThe name of the bucket where data will be stored
compressionThe compression method to be applied to the data before storing
The format config to use
partition_formatDirectory structure used to partition stored objects. Options: simple date (e.g., '2024/01/01'), hive compliant (e.g., 'year=2024/month=01/day=01'), and flat hive compliant (e.g., 'dt=2024-01-01').
prefixAn optional prefix for object keys to organize data within the bucket
google_workspace.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
google_workspace.SettingsConfig
auth_typeAuthentication type (service_account or oauth)
backfill_start_timeDate to start fetching data from. If not specified, a full sync of data from google workspace is fetched on the first sync. All syncs thereafter will be incremental.
emailEmail address to use for authenticating with Google Cloud (required for service_account auth).
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
greenhouse_audit_logs.SecretsConfig
APIKey for GreyNoise Community API
greenhouse_audit_logs.SettingsConfig
user_idID of the user to harvest audit logs for
backfill_start_timeDate to start fetching data from. If not specified, a full sync is fetched on the first sync. All syncs thereafter will be incremental.
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
http.PayloadStructure
Determines how the payload is structured. 'single' sends each record as a separate request, 'array' sends multiple records as an array, 'wrapped' sends multiple records within a wrapper object.
http.SettingsConfig
endpointThe full URL of the HTTP endpoint to send data to. Must include the scheme (http or https).
Non secret headers
max_batch_data_sizeThe maximum size in KB for a single batch of data to be sent in one request. This does not effect the single payload structure.
max_batch_record_countThe maximum number of records to include in a single batch. For single payload structure, this is automatically set to 1. For other payload structures, this determines the maximum number of records sent in a single request.
methodThe HTTP method to use for requests (GET, POST, PUT, PATCH, or DELETE).
payload_structureDetermines how the payload is structured. 'single' sends each record as a separate request, 'array' sends multiple records as an array, 'wrapped' sends multiple records within a wrapper object.
rate_limitMaximum number of requests per second to send to the endpoint.
tls_skip_verifySkip TLS verification.
wrapper_keyThe key to use for wrapping the payload when PayloadStructure is set to 'wrapped'.
individual_alerts.SettingsConfig
alert_typeFilter by alert type (e.g., policy_violated, tag_conflict)
backfill_start_timeDate to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
embedEmbed related resources in the data returned (e.g., read-consolidated-alert)
primary_entity_typeFilter by primary entity type (e.g., aws_ebs_volume, vmware_vm)
primary_entity_valueFilter by primary entity value (contains search)
regionThe region associated with your Clumio account
severityFilter by alert severity (error, warning)
statusFilter by alert status (active, cleared)
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
inputs.ConnectorMeta
billing_typecategoryconfigdescriptionhousein_betainternalis_defaultnamerelease_datetiertype_idinspector.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
inspector.SettingsConfig
backfill_start_timeDate to start fetching data from. If not specified, a full sync is fetched on the first sync. All syncs thereafter will be incremental.
regionThe AWS region where Inspector is enabled.
role_arnThe ARN of the IAM role to assume for accessing Inspector.
severitiesMinimum severity level of findings to fetch.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
issues.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
issues.SettingsConfig
tenant_data_centerDataCenter represents the tenant's data center location @Description Enter a tenant data center, e.g., "us1", "us2", "us3" @Description Find your tenant data center on the Tenant Info page in Wiz, or request it from your Wiz customer contact
backfill_start_timeDate to start fetching data from. If not specified, A Wiz report is generated on the first sync. All syncs thereafter will be of incremental data.
control_ids@Description Filter Issues created by specific control IDs
has_note@Description Filter Issues with or without a note
has_remediation@Description Filter Issues with or without remediation
has_service_ticket@Description Filter Issues with or without related service ticket
issue_ids@Description Filter only Issues that match these specific IDs
issue_types@Description Filter by Issue type
project_ids@Description Filter Issues associated with specific project IDs
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
related_entity_id@Description Filter by related entity ids
resolution_reasons@Description Filter Issues by resolution reason
risk_equals_all@Description Filters Issues by risk type according to Wiz-defined types of risk @Description Use the risk ID and not the risk name @Description All specified risks must be present
risk_equals_any@Description Filters Issues by risk type according to Wiz-defined types of risk @Description Use the risk ID and not the risk name
search_query@Description Free text search on Issue title or object name @Description Returns NULL if no match is found
security_scan@Description Filter by security scan source
severities@Description Filter Issues according to Control severity
stack_layers@Description Filter Issues from specific stack layers
status@Description Filter by Issue handling status @Description Default: OPEN
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
jq.ArgumentsConfig
keyOptional key to store result under
queryThe raw query string from config
json.JsonFormatter
typekeykafka.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
kafka.SettingsConfig
acksAcknowledgment level (0=none, 1=leader only, all=all replicas)
Controls when a batch of records is sent by limiting the number of records, total size, and maximum time elapsed.
bootstrap_serversComma-separated list of Kafka broker addresses (host:port)
compression_typeCompression codec for messages (none, gzip, snappy, lz4, zstd)
Static headers to add to each Kafka message
message_key_fieldJSON field path to extract as the Kafka message key (uses gjson syntax)
retriesNumber of retry attempts for failed writes
sasl_mechanismSASL authentication mechanism (PLAIN, SCRAM-SHA-256, SCRAM-SHA-512)
security_protocolSecurity protocol for broker connections (NONE, SASL_PLAINTEXT, SASL_SSL, SSL)
topicThe Kafka topic to publish messages to
usernameUsername for SASL authentication
kafka.acks
Acknowledgment level (0=none, 1=leader only, all=all replicas)
kafka.compressionType
Compression codec for messages (none, gzip, snappy, lz4, zstd)
kafka.saslMechanism
SASL authentication mechanism (PLAIN, SCRAM-SHA-256, SCRAM-SHA-512)
kafka.securityProtocol
Security protocol for broker connections (NONE, SASL_PLAINTEXT, SASL_SSL, SSL)
koi_audit_logs.SecretsConfig
APIKey for GreyNoise Community API
koi_audit_logs.SettingsConfig
audit_log_typesFilter audit logs by type(s). Available types: approval_requests, devices, endpoints, extensions, firewall. Leave empty to fetch all types.
backfill_start_timeBackfillStartTime is an optional ISO8601 timestamp to start fetching from. If not set, the input starts from the current time (no historical backfill). Example: "2024-01-01T00:00:00Z"
base_urlBase URL for the Koi API (default: https://api.prod.koi.security)
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
kv_lookup.SettingsConfig
destination_keyDestinationKey is the path where the result will be stored in the record
error_on_missing_keyErrorOnMissingKey If true, throw an error when key is not found in the KV store
join_pathJoinPath is the path to a field whose values will be used as the lookup keys
kv_lookup_output_idKVLookupOutputID is the id of the KV lookup output to join with
no_match_responseNoMatchResponse is the value to add to the record when no match is found
omit_metadatakv_lookup_output.SettingsConfig
key_fieldThe field in the incoming record to use as the key
ttlTime-to-live in hours for stored key-value pairs (0 means no expiration)
value_fieldThe field in the incoming record to use as the value
kvlookup.GetMetadataResponse
byteslast_ingested_timemax_bytesnumber_of_keysttllog_analytics_query.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
log_analytics_query.SettingsConfig
queryThe query to run against the Log Analytics workspace
tenant_idThe tenant ID of the Azure AD application
workspace_idThe workspace ID of the Log Analytics workspace
backfill_start_timeThe date to start fetching data from on first sync
ingestion_delayThe ingestion delay in seconds for the data source
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
looker_audit_logs.SecretsConfig
APIKey for GreyNoise Community API
looker_audit_logs.SettingsConfig
log_categoriesThe audit log categories to ingest.
project_idsThe GCP project IDs hosting Looker Core instances.
mask.ArgumentsConfig
keyKey whose value will be masked
Masking mode. Simple replaces values with a fixed mask. Deterministic produces a stable, correlatable output using HMAC.
mask.ModeConfig
simpletypeType of masking mode. "simple" or "deterministic". Defaults to "simple".
math_multiply_with_value.ArgumentsConfig
keyThe Key value to multiply
new_keyThe key to store the result of the multiplication
valueThe value to multiply with
meraki_config_logs.SettingsConfig
backfill_start_timeDate to start fetching data from. If not specified, a full sync of data from google workspace is fetched on the first sync. All syncs thereafter will be incremental.
org_idURL of the organization
regionapi.meraki.com/api/v1 for most parts of the world. Different countries may have different base URIs
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
microsoft_365_generic.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
microsoft_365_generic.SettingsConfig
backfill_start_timeDate to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
tenant_idThe Azure Entra ID tenant (directory) ID
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
models.APIKey
created_atdescriptionexpiration_timeidjwt_signing_key_idJWTSigningKeyID is the jwt_signing_keys row that signed the key's current token. Re-stamped on rotation. Empty when signed via the legacy HS256 path (no signing-key row), or for keys created before this was recorded.
nameorganization_idrole_idtoken_versionTokenVersion is the current generation of the key. It is embedded in
minted JWTs as the ver claim and bumped on rotation to invalidate
previously-issued tokens without changing the key's id.
updated_atmodels.APIKeyWithToken
created_atdescriptionexpiration_timeidjwt_signing_key_idJWTSigningKeyID is the jwt_signing_keys row that signed the key's current token. Re-stamped on rotation. Empty when signed via the legacy HS256 path (no signing-key row), or for keys created before this was recorded.
nameorganization_idrole_idtokentoken_versionTokenVersion is the current generation of the key. It is embedded in
minted JWTs as the ver claim and bumped on rotation to invalidate
previously-issued tokens without changing the key's id.
updated_atmodels.AlertRule
activecreated_atdescriptionidmanaged_bynameorganization_idpipeline_idsseveritytypeupdated_atmodels.BillingAccount
billing_emailcreated_atcurrent_billing_cycle_endcurrent_billing_cycle_startdeleted_atdescriptionhas_payment_methodidnamenext_product_idproduct_change_afterproduct_idstatussuspend_onupdated_atmodels.BillingAccountRole
billing_account_idcreated_atdescriptionidnamepermissionsupdated_atmodels.BillingProduct
contact_emailcreated_atdescriptionfeaturesidis_defaultnameproduct_typerecurring_cost_centsrecurring_frequencyslugupdated_atusage_unitusage_unit_cost_centsmodels.ComponentReference
idkindnametypemodels.ConditionEvaluatable
leaf config
operatorOnly set for logical nodes
type_idOnly set for leaf nodes
models.Connection
created_atdescriptionemail_domainsidnameorganization_idpublic_namesaml_entity_idsaml_metadata_urlSessionSettings controls the session length for logins through this connection. Optional; nil preserves the existing value, non-nil overwrites.
typeupdated_atmodels.ConnectionSessionSettings
session_timeoutmodels.ElseAction
will default to bypass if left empty on create/update
models.Enrichment
created_atdescriptionidmanaged_bynameorganization_idtypeupdated_atmodels.Input
created_atdescriptionidmanaged_bynameorganization_idtypeupdated_atmodels.InputConnectorCategory
models.InputRateLimit
rateunitmodels.OrganizationAuditLog
actionidoccurred_atorganization_idrequest_idmodels.OrganizationAuditLogHistogram
bucket_secondsearliest_occurred_atlatest_occurred_attotalmodels.OrganizationUser
connection_idcreated_atemailidinheritedrole_idrole_namesource_organization_idsource_organization_nameupdated_atusernamemodels.Output
created_atdescriptionidmanaged_bynameorganization_idtypeupdated_atmodels.OutputConnectorCategory
models.Pipeline
component_tiercreated_atcron_scheduledescriptionenabledidinput_idmanaged_bynameorganization_idupdated_atmodels.PipelineConfigV2
billingAccountIdcomponent_tiercreatedAtcron_scheduledescriptionenabledidis_syntheticmanaged_bynamenext_cron_run_atorganizationIdorganizationNameupdatedAtmodels.PipelineEdge
created_atdescriptiondisabledfrom_node_instance_ididnameorganization_idpipeline_idschema_detectionto_node_instance_idupdated_atmodels.PipelineMetrics
end_atmetricnode_idnode_slugorganization_idorganization_namepipeline_idpipeline_nameresolutionstart_atmodels.PipelineNode
component_housecomponent_idcomponent_sub_typecomponent_typecreated_atenabledidorganization_idpipeline_idslugmodels.PipelineNodeStatus
avg_bytes_per_record_egressavg_bytes_per_record_ingresscomponent_typecomponent_type_iderrorslast_ingested_timelast_record_processed_timelast_updated_atnode_idnode_slugstatusmodels.PipelineStatus
average_size_egressedaverage_size_ingestederrorslast_ingested_timelast_updated_atorganization_idorganization_namepipeline_idpipeline_namestatusmodels.PipelineStatusValue
models.ProgressEntry
labelLabel is an optional descriptor that is human-readable and can be displayed in the UI It should mainly be used to contain the field name/path that is used to extract timestamp for a given inputs data
partition_keyPartitionKey is an optional identifier for multi-entity inputs (e.g., "detector-123", "us-east-1") In a case where we store multiple state timestamps for a singular input we would use this field as a differentiator
Ranges represents the time ranges that have been read by an input node. Each range is a tuple of (start, end) timestamps indicating what data has been processed. Multiple ranges allow tracking non-contiguous data reads.
models.ProgressLabel
Label is an optional descriptor that is human-readable and can be displayed in the UI It should mainly be used to contain the field name/path that is used to extract timestamp for a given inputs data
models.RoleWithPermissions
created_atdescriptionidnameorganization_idprotectedupdated_atmodels.Secret
created_atWhen the secret was created
descriptionThe user set Description of the secret
idThe ID of the secret
nameThe user set Name of the secret
organization_idThe OrganizationID the secret belongs to
updated_atWhen the secret was updated
valueThe value of the secret. This will never be returned to the client but can be used to set new values when used in a request payload.
models.SecretWithComponents
created_atWhen the secret was created
descriptionThe user set Description of the secret
idThe ID of the secret
nameThe user set Name of the secret
organization_idThe OrganizationID the secret belongs to
updated_atWhen the secret was updated
valueThe value of the secret. This will never be returned to the client but can be used to set new values when used in a request payload.
models.StorageTypeCostSummary
total_org_cost_post_filtertotal_org_cost_pre_filtertotal_org_ingest_bytestotal_org_ingest_gbtotal_org_output_storage_bytestotal_org_output_storage_gbmodels.StorageTypeOutputDetail
cost_idcost_per_gbegress_bytesegress_bytes_gbnum_pipelinespre_filter_bytespre_filter_bytes_gbtotal_cost_post_filtertotal_cost_pre_filtermodels.StorageTypeSummaryResponse
end_atorganization_idorganization_namestart_atmodels.StorageTypeTimeSeriesResponse
end_atmetricorganization_idorganization_nameresolutionstart_atmodels.Transform
created_atdescriptionidmanaged_bynameorganization_idupdated_atmodels.TransformConditional
elsewill default to bypass if left empty on create/update
models.TransformsRepositoryTransform
created_atdescriptionidinput_type_idnameupdated_atmodels.UserAuthProvider
connection_idcreated_atidproviderprovider_iduser_idmodels.UserOrganization
billing_account_idcreated_atdescriptionfriendly_nameidinheritednameparent_organization_idsource_organization_idsource_organization_nameupdated_atmodels.UserRoleWithPermissions
inheritedorganization_idrole_idrole_namesource_organization_idmonad_log.SettingsConfig
log_typeuse_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
mutate_type.ArgumentsConfig
keyThe key to mutate the type of
typeThe new type of the key
mutate_value_where_key_eq_and_value_eq.ArgumentsConfig
keyThe key to mutate
valueThe value to check for
value_to_setThe value to set if the key and value match
object_storage.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
object_storage.SettingsConfig
Controls when a batch of records is sent by limiting the number of records, total size, and maximum time elapsed.
bucketThe name of the object storage bucket where data will be stored
compressionThe compression method to be applied to the data before storing
endpointThe endpoint URL for the object storage service (e.g., https://fly.storage.tigris.dev, https://minio.example.com)
The format config to use
partition_formatDirectory structure used to partition stored objects. Options: simple date (e.g., '2024/01/01'), hive compliant (e.g., 'year=2024/month=01/day=01'), and flat hive compliant (e.g., 'dt=2024-01-01').
prefixAn optional prefix for object keys to organize data within the bucket
regionThe region for the object storage service (optional for some providers)
skip_ssl_verificationWhether to skip SSL certificate verification (useful for self-signed certificates or development environments)
use_path_styleWhether to use path-style URLs (bucket.endpoint.com/object vs endpoint.com/bucket/object). Most S3-compatible services require this to be true.
object_storage_input.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
object_storage_input.SettingsConfig
bucketName of the storage bucket
compressionCompression format of the objects
endpointEndpoint URL for the object storage service (e.g., https://minio.example.com, https://s3.amazonaws.com)
formatFile format of the objects
partition_formatPartition format of your bucket. Options: hive compliant ('year=2024/month=01/day=01'), flat hive compliant ('dt=2024-01-01'), or simple date ('2024/01/01').
prefixPrefix that leads to the start of the expected partition. For example: "/foobar/year=2024/month=01/day=01/". The prefix is foobar.
record_locationLocation of the record in the object. Applies only for JSON objects. Leave empty for the entire record.
regionOptional region for the object storage service. This is often required for services like AWS S3.
skip_ssl_verificationSkip SSL verification for self-signed certificates
use_path_styleWhether to use path-style URLs (bucket.endpoint.com/object vs endpoint.com/bucket/object). Most S3-compatible services require this to be true.
offlineenrollmentlogs.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
offlineenrollmentlogs.SettingsConfig
hostThe API hostname for your Duo Security integration.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
onelogin_events.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
onelogin_events.SettingsConfig
subdomainSubDomain is a placeholder that represents your specific OneLogin subdomain.
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
opal_events.SecretsConfig
APIKey for GreyNoise Community API
opal_events.SettingsConfig
backfill_start_timeDate to start fetching data from. If not specified, a full sync is fetched on the first sync. All syncs thereafter will be incremental.
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
openai_audit_logs.SettingsConfig
backfill_start_timeDate to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
opensearch.SettingsConfig
auth_modeThe authentication mode (basic, aws_role)
indexThe name of the OpenSearch index to use.
insecure_skip_verifyWhether to skip TLS certificate verification (not recommended for production).
regionThe AWS Region where the OpenSearch domain is located
role_arnThe AWS IAM Role ARN to assume (used for aws_role auth)
urlThe URL of the OpenSearch instance (must start with https).
usernameThe username for authenticating with OpenSearch (used for basic auth).
operation_logs.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
operation_logs.SettingsConfig
account_idAccount ID for the input
backfill_start_timeDate to start fetching data from. If not specified, data from 6 months ago up till now from zoom is fetched on the first sync. All syncs thereafter will be incremental.
category_typeThe category of logs to pull
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
oracle.SettingsConfig
domainDomain name for the Oracle Cloud service
usernameUsername of Oracle Cloud service user with permissions to access the resource
backfill_start_timeDate to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
org_audit_logs.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
org_audit_logs.SettingsConfig
auth_typeAuthentication type to use
backfill_start_timeDate to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
github_app_installation_idGitHub App Installation ID (required when using GitHub App authentication)
github_client_idGitHub Client ID (alternative to personal access token)
includeEvent types to include. web: Gets all web (non-git) events. git: Gets git events. all: Gets both.
organizationYour GitHub organization name
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
outputs.ConnectorMeta
billing_typecategoryconfigdescriptionhousein_betainternalnamerelease_datetiertype_idownbackup_account_events.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
ownbackup_account_events.SettingsConfig
regionRegion of the OwnBackup instance
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
pagerduty.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
pagerduty.SettingsConfig
AlertsConfig contains configuration options that apply only when EventType is set to 'alert'
default_event_typeEventType determines whether events are sent as 'change' or 'alert' events. We recommend reading the docs for this output before making this choice.
SummaryConfig allows customization of event summary messages displayed in PagerDuty
pagerduty.alertsConfig
classClass defines the class/type of the event based on the input source. Defaults to an empty value.
groupA cluster or grouping of sources. For example, sources "prod-datapipe-02" and "prod-datapipe-03" might both be part of "prod-datapipe". Applicable if event type is set to alerts. Defaults to an empty value.
severityIndicates the severity of the impact to the affected system. Applicable for you if event type is set to alerts. Defaults to 'critical'.
pagerduty.eventType
EventType determines whether events are sent as 'change' or 'alert' events. We recommend reading the docs for this output before making this choice.
pagerduty.summaryConfig
alert_sourcealertSource is the source identifier for alert events. Defaults to 'monad-platform'.
alert_summaryalertSummary is the custom summary message for alert events. Defaults to 'Monad triggered alert event'.
change_sourcechangeSource is the source identifier for change events. Defaults to 'monad-platform'.
change_summarychangeSummary is the custom summary message for change events. Defaults to 'Monad triggered change event'.
pagerduty_audit_records.SecretsConfig
APIKey for GreyNoise Community API
pagerduty_audit_records.SettingsConfig
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
palo_alto_data_security_alerts.SecretsConfig
APIKey for GreyNoise Community API
palo_alto_data_security_alerts.SettingsConfig
base_urlURL of the organization
backfill_start_timeDate to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
parquet.ParquetFormatter
schemapersona.SettingsConfig
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
polymer.SecretsConfig
APIKey for GreyNoise Community API
polymer.SettingsConfig
domain_nameTODO: Name of domain added on Polymer Hub portal
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
postgresql.SettingsConfig
column_namesThe column names to write data to, must match the root fields of the data If not provided all root fields will be used
databaseThe database name to connect to
hostThe host of the PostgreSQL database
portThe port of the PostgreSQL database
tableThe table name to write data to
userThe user to connect to the PostgreSQL database
postman_audit_logs.SecretsConfig
APIKey for GreyNoise Community API
postman_audit_logs.SettingsConfig
backfill_start_timeDate to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
prometheus.SettingsConfig
endpointlabel_fieldstimestamp_fieldtls_skip_verifyvalue_fieldpubsub.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
pubsub.SettingsConfig
domain_urlDomain URL for the Salesforce instance
organization_idOrganization ID for the Salesforce instance
topicPub/Sub topic to subscribe to
redshift_audit_logs.SettingsConfig
bucketName of the S3 bucket that receives Redshift audit logs.
log_typeWhich Redshift audit log to ingest. Must be one of the supported log types (connectionlog, userlog).
backfill_start_timeDate to start fetching data from. If not specified, a full sync of data up to now is performed on the first sync; subsequent syncs are incremental.
prefixPrefix of the audit log keys, up to (but not including) the date partition — e.g. "AWSLogs/123456789012/redshift/us-east-1". If you configured a custom S3 key prefix for audit logging, include it here.
regionAWS Region of your bucket.
role_arnRole ARN to assume when reading from S3.
rename_key_where_value_eq.ArgumentsConfig
keyThe key to rename
new_keyThe new key to rename to
valueThe value to check for
rootly_audit_logs.SecretsConfig
APIKey for GreyNoise Community API
rootly_audit_logs.SettingsConfig
backfill_start_timeDate to start fetching data from.
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
routes.CreateOrganizationRequest
namebilling_account_iddescriptionfriendly_nameroutes.GetInputResponse
created_atdescriptionidmanaged_bynameorganization_idtypeupdated_atroutes.GetOutputResponse
created_atdescriptionidmanaged_bynameorganization_idtypeupdated_atroutes.GetTransformResponse
created_atdescriptionidmanaged_bynameorganization_idupdated_atroutesV2.ApplyTransformationResponse
bytes_afterbytes_beforepercentage_changerecordsroutesV2.CreateAPIKeyRequest
expiration_timenamerole_iddescriptionroutesV2.CreateBillingAccountRequest
billing_emailEmail address for billing
nameName of the billing account
descriptionDescription of the billing account
routesV2.CreateBillingAccountRoleRequest
nameName of the role
permissionsPermission slugs for the role
descriptionDescription of the role
routesV2.CreateBillingAccountSubscriptionRequest
product_idProductID is the ID of the product to subscribe to
routesV2.CreateBillingAccountSubscriptionResponse
checkout_urlCheckoutURL is a secure URL to add payment information and subscribe to the product
routesV2.CreatePipelineRequest
namedescriptionenablednil => enabled
routesV2.CreateRoleV2Request
namepermission_idsdescriptionroutesV2.PipelineRequestEdge
from_node_instance_idto_node_instance_iddescriptiondisabledidnameschema_detectionroutesV2.PipelineRequestNode
component_idcomponent_typeenablednil => enabled
idslugroutesV2.SecretResponse
created_atdescriptionidnameorganization_idupdated_atroutesV2.StorageTypeDetailsResponse
end_atorganization_idorganization_namestart_atroutesV2.StorageTypeOutputDetailResponse
egress_bytesegress_gbingress_bytesingress_gbinput_idoutput_idpipeline_idstorage_typeroutesV2.UpdateBillingAccountRequest
billing_emailEmail address for billing. Nil preserves the current value.
descriptionDescription of the billing account. Nil preserves the current value.
nameName of the billing account. Nil preserves the current value.
routesV2.UpdateBillingAccountRoleRequest
descriptionDescription of the role. Nil preserves the current value.
nameName of the role. Nil preserves the current value.
permissionsPermission slugs for the role. Nil preserves the current value; an empty slice clears all permissions.
routesV2.organizationOverview
disabledhealthyunhealthyroutesV2.pipelineStatus
pipeline_idpipeline_namestatusroutesV2.pipelineWithStatus
idstatuslast_ingested_timeroutesV3.CreateAlertRuleRequest
activeActive indicates whether the alert rule is active
descriptionDescription of the alert rule
nameName of the alert rule
pipeline_idsPipeline IDs that this alert rule applies to
RuleConfig contains the configuration for the alert rule
severitySeverity level of the alert (e.g., "critical", "warning", "info")
typeType of the alert rule
routesV3.CreateChildOrganizationRequest
namedescriptionfriendly_nameroutesV3.CreateConnectionRequest
descriptionDescription of the connection
email_domainsEmailDomains associated with the connection for SP-initiated SSO discovery. Optional; empty/unset falls through to the column default (empty array).
nameName of the connection
public_namePublicName is the customer-controlled label shown to end users in the
SSO discovery picker. Optional; empty/unset falls through to the
column default (an auto-generated sso-<hex> value).
SAML is the configuration for SAML connections
SessionSettings controls the session length for logins through this connection. Optional; nil preserves the existing value, non-nil overwrites.
routesV3.CreateSessionRequest
organization_idOrganizationID, when set, pins the token to that single org via the
scoped_org claim. Omit to inherit the parent key's org access. Not
verified at mint time — the org-access middleware returns 403 at
request time if the parent key has no role in it.
ttl_secondsTTLSeconds is the requested session lifetime in seconds. Defaults to 1800 (30 min). Clamped to [300, 3600] (5 min – 1 hr); a value that would outlive the parent API key is rejected with 400.
routesV3.CreateSessionResponse
expires_atExpiresAt is the token expiry as an RFC 3339 timestamp.
session_tokenSessionToken is the minted short-lived JWT. Send it as a Bearer token.
ttl_secondsTTLSeconds is the effective lifetime applied after clamping.
routesV3.GetEnrichmentResponse
created_atdescriptionidmanaged_bynameorganization_idtypeupdated_atroutesV3.UpdateAlertRuleRequest
activeActive indicates whether the alert rule is active
descriptionDescription of the alert rule
nameName of the alert rule
pipeline_idsPipeline IDs that this alert rule applies to
RuleConfig contains the configuration for the alert rule
severitySeverity level of the alert (e.g., "critical", "warning", "info")
routesV3.UpdateConnectionRequest
descriptionConnection Description to be updated
nameConnection Name to be updated
public_namePublicName is the customer-facing label shown to end users in the SSO discovery picker. Optional; nil preserves the existing value, non-nil overwrites.
SessionSettings controls the session length for logins through this connection. Optional; nil preserves the existing value, non-nil overwrites.
routesV3.schemaHistoryEntryResponse
created_atedge_idevent_tagsidroutesV3.schemaStateResponse
edge_idlearning_startmodepipeline_idtotal_records_observedupdated_ats3.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
s3.SettingsConfig
Controls when a batch of records is sent by limiting the number of records, total size, and maximum time elapsed.
bucketThe name of the S3 bucket where data will be stored
compressionThe compression method to be applied to the data before storing in S3
The format config to use
partition_formatDirectory structure used to partition stored objects. Options: simple date (e.g., '2024/01/01'), hive compliant (e.g., 'year=2024/month=01/day=01'), and flat hive compliant (e.g., 'dt=2024-01-01').
prefixAn optional prefix for S3 object keys to organize data within the bucket
regionThe AWS region where the S3 bucket is located
role_arnThe Amazon Resource Name (ARN) of the IAM role to assume which grants access to the S3 bucket
scanner.AuthConfig
typeAuthentication type: iam_role or static_credentials.
IAM role configuration (required when type is iam_role).
Static credential configuration (required when type is static_credentials).
scanner.DelimitedVariant
delimiterSingle-character field delimiter (e.g. ',').
headersOptional ordered list of column headers.
scanner.FormatConfig
typeOutput format: json, parquet, or delimited.
Delimited (CSV) output configuration (required when type is delimited).
JSON output configuration (required when type is json).
Parquet output configuration (required when type is parquet).
scanner.IAMRoleVariant
role_arnThe ARN of the IAM role to assume (e.g. arn:aws:iam::123456789012:role/MonadRole).
scanner.JSONVariant
type'line' writes one JSON object per line (JSON Lines); 'array' writes a JSON array of objects.
scanner.ParquetVariant
schemaJSON schema describing the Parquet columns.
scanner.SettingsConfig
bucketThe S3 bucket in your AWS account that Scanner indexes.
compressionCompression applied before upload. Scanner indexes both uncompressed and gzip objects.
regionThe AWS region where the S3 bucket is located.
Authentication used to write to the bucket (IAM role or static credentials).
Controls when a batch of records is sent by limiting the number of records, total size, and maximum time elapsed.
The on-disk format Scanner will index.
partition_formatDirectory structure used to partition stored objects.
prefixOptional prefix for S3 object keys. Should match the prefix on the Scanner source.
scanner.StaticCredentialsVariant
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
security_lake.SettingsConfig
Controls when a batch of records is sent by limiting the number of records, total size, and maximum time elapsed.
bucketNameBucket Name
bucket_urlThe name of the S3 bucket where data will be stored
keyS3 Key
Configuration for formatting data in Apache Parquet format
role_arnThe Amazon Resource Name (ARN) of the IAM role to assume which grants access to the S3 bucket
Details about the source AWS account and region for Security Lake
security_lake.SourceAccountDetails
source_account_idSource AWS Account ID
source_regionSource AWS Region
semgrep_code_findings.SecretsConfig
APIKey for GreyNoise Community API
semgrep_code_findings.SettingsConfig
backfill_start_timeDate to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
semgrep_supply_chain_findings.SecretsConfig
APIKey for GreyNoise Community API
semgrep_supply_chain_findings.SettingsConfig
backfill_start_timeDate to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
sentinel.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
sentinel.SettingsConfig
endpointThe Azure Monitor Data Collection Rule (DCR) ingestion endpoint URL.
rule_idThe unique identifier of the Data Collection Rule (DCR).
stream_nameThe name of the data stream defined in the Data Collection Rule.
sentry_org_audit_logs.SecretsConfig
APIKey for GreyNoise Community API
sentry_org_audit_logs.SettingsConfig
host_nameFor self-hosted, specify your host name here. Otherwise, leave it default as sentry.io.
org_slugThe ID or slug of the organization
backfill_start_timeDate to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
slack_enterprise_audit_logs.SecretsConfig
APIKey for GreyNoise Community API
slack_enterprise_audit_logs.SettingsConfig
backfill_start_timeDate to start fetching data from. Dates before March 2018 are valid but will result in an error during validation.
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
snowflake_output.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
snowflake_output.SettingsConfig
accountThe unique identifier for your Snowflake account, typically in the form of 'organization-account_name'.
auth_typeControls when a batch of records is sent by limiting the number of records, total size, and maximum time elapsed.
case_insensitivityTreat column names as case-insensitive (convert to uppercase) to match Snowflake's default behavior.
databaseThe name of the Snowflake database to connect to and perform operations on
roleThe name of the Role your service account was granted which can access your resources.
schemaThe schema within the Snowflake database where the target table resides.
stageThe name of the Snowflake stage where the data will be copied to. Monad create or replace the stage.
tableThe name of the table in Snowflake where the data will be written. If the table doesn't exist Monad will create the table.
userThe username of the Snowflake account used to establish the connection.
warehouseThe Snowflake virtual warehouse to use for executing queries and processing data.
snowflake_snowpipe_streaming.SettingsConfig
accountThe unique identifier for your Snowflake account, e.g. 'orgname-account_name'.
databaseThe Snowflake database that contains the target pipe.
pipeThe name of the pre-existing STREAMING pipe (created with DATA_SOURCE(TYPE => 'STREAMING')).
APIKey for GreyNoise Community API
schemaThe schema within the database that contains the target pipe.
userThe username of the Snowflake account used to authenticate. The user's DEFAULT_ROLE must be set to a role with access to the pipe.
Controls when a batch of records is sent by limiting the number of records, total size, and maximum time elapsed.
channel_prefixOptional prefix for the channel name. Channels are named "{prefix}{instanceID}{i}" where instanceID is a fresh random ID per connector instance. Defaults to "monad".
snyk_issues.SecretsConfig
APIKey for GreyNoise Community API
snyk_issues.SettingsConfig
backfill_start_timeDate to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
snyk_targets.SecretsConfig
APIKey for GreyNoise Community API
snyk_targets.SettingsConfig
backfill_start_timeDate to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
splunk.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
splunk.SettingsConfig
allow_insecureWhether to allow insecure connections (not recommended for production).
indexThe index you want to send data to. If left empty, data is sent to the default index associated with the token. If specified, please read our docs for more context on Splunk token & Index scoping.
portThe port of the Splunk instance.
to_createEnsure this is selected if you want Monad to create the index for you. If you are using a pre-existing index, please leave this deselected. Read our docs for more context on Splunk token & Index scoping.
urlThe URL of the Splunk instance (must start with http or https).
usernameRepresents an administrative account to manage indices. Used to create an index, hence can be left empty if default index is to be used.
sqs_s3_base.FilterVariant
modeoperatorvaluesqs_s3_base.KeyFilter
typesumologic.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
sumologic.SettingsConfig
Additional metadata to send with each source.
urlThe URL of the Sumo Logic instance.
sumologic.SourceMetadata
custom_source_categoryDesired source category. Useful if you want to override the source category configured for the source.
custom_source_hostDesired source host. Useful if you want to override the source host configured for the source.
custom_source_nameDesired source name. Useful if you want to override the source name configured for the source.
sumologic.SumoField
field_nameName of the field to reference.
field_valueValue of the field to reference.
synthetic_data.SettingsConfig
rateThe rate at which to generate records (between 1 and 1000) per second
record_typeThe type of record to generate
synthetic_data_custom.SettingsConfig
custom_templateA custom template using the functions we provide to generate demo data
rateThe rate at which to generate records (between 1 and 1000) per second
tanium_graphql_input.SettingsConfig
base_urlThe base URL of your GraphQL endpoint including the path
enable_paginationEnable pagination support
graphql_queryThe GraphQL query to execute against the endpoint to fetch data
has_next_page_pathJSONPath location to check if there are more pages
interval_secondsTime interval in seconds between consecutive GraphQL API calls
pagination_cursor_pathJSONPath location for pagination cursor/token
record_locationJSONPath location of the records array in the GraphQL response
GraphQL query variables to pass with each request
team_access_logs.SecretsConfig
APIKey for GreyNoise Community API
team_access_logs.SettingsConfig
backfill_start_timeStart time for backfilling data
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
team_integration_logs.SecretsConfig
APIKey for GreyNoise Community API
team_integration_logs.SettingsConfig
backfill_start_timeStart time for backfilling data
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
telephony_logs.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
telephony_logs.SettingsConfig
hostThe API hostname for your Duo Security integration.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
tenable_assets.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
tenable_assets.SettingsConfig
backfill_start_timeDate to start fetching assets from. If not specified, a full sync of assets is fetched on the first sync. All syncs thereafter will have incremental data.
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
tenable_assets_cron.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
tenable_assets_cron.SettingsConfig
cronCron expression to schedule the data collection.
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
tenable_vulnerabilities.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
tenable_vulnerabilities.SettingsConfig
backfill_start_timeDate to start fetching vulnerabilities from. If not specified, a full sync of assets is fetched on the first sync. All syncs thereafter will have incremental data.
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
tenable_vulnerabilities_cron.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
tenable_vulnerabilities_cron.SettingsConfig
cronCron expression to schedule the data collection.
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
tines_audit_logs.SecretsConfig
APIKey for GreyNoise Community API
tines_audit_logs.SettingsConfig
tenant_domainThe Tines tenant domain (e.g., your-org.tines.com)
backfill_start_timeDate to start fetching data from. If not specified, will fetch from the most recent data available.
operation_namesFilter by specific operation names (optional)
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
user_idsFilter by specific user IDs (optional)
tines_events_logs.SecretsConfig
APIKey for GreyNoise Community API
tines_events_logs.SettingsConfig
tenant_urlUnique URL for your Tines instance
backfill_start_timeDate to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
story_idFilter by the given story.
team_idFilter by the given team.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
twilio_events.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
twilio_events.SettingsConfig
actor_sidOnly includes events initiated by this Actor. Useful for auditing actions taken by specific users or API credentials.
event_typeOnly includes events of a specific event type: https://www.twilio.com/docs/usage/monitor-events#event-types
replication_start_timeOnly include events after this time for the initial sync. If not specified, returns all events from the start. Must be a valid ISO 8601 formatted datetime string: yyyy-MM-dd'T'HH:mm:ss'Z'
resource_sidOnly include events that refer to this resource. Useful for discovering the history of a specific resource.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
twilio_sendgrid_email_activity.SecretsConfig
APIKey for GreyNoise Community API
twilio_sendgrid_email_activity.SettingsConfig
backfill_start_timeDate to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
types.StringComparison
The operator to use when comparing values in the filter.
This member is required.
types.StringFilter
comparisonThe operator to use when comparing values in the filter.
This member is required.
valueThe value to filter on.
This member is required.
universal.SettingsConfig
instance_nameName of the ServiceNow instance
streamsServiceNow streams to fetch data from
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
utc_timestamp.ArgumentsConfig
formatThe format of the timestamp
keyThe key to store the timestamp in
utc_timestamp.TimestampFormat
The format of the timestamp
vercel_user_events.SecretsConfig
APIKey for GreyNoise Community API
vercel_user_events.SettingsConfig
backfill_start_timeDate to start fetching data from. If not specified, a full sync of is fetched on the first sync. All syncs thereafter will be incremental.
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
use_synthetic_dataGenerate synthetic data for testing, instead of connecting to a real data source. Defaults to an hourly cron schedule for cron-based inputs.
with_payloadWhether to include detailed payload information in the events.
voltio_audit_logs.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
voltio_audit_logs.SettingsConfig
base_urlBase URL of your Volt.io API instance (e.g., https://api.volt.io)
backfill_start_timeDate to start fetching data from. If not specified, defaults to 90 days ago. All syncs thereafter will be incremental.
customer_idOptional: Filter audit logs by specific customer ID
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
vulnerability_findings.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
vulnerability_findings.SettingsConfig
asset_typesAsset types for Wiz. Ex: 'VIRTUAL_MACHINE', 'CONTAINER', etc.
endpoint_urlEndpoint URL for the Wiz API. Ex: 'https://api.wiz.io/v1/vulnerability-findings'.
asset_statusAsset status types for Wiz. Ex: 'ACTIVE', 'INACTIVE'.
backfill_start_timeDate to start fetching data from. If not specified, Data is fetched since one year ago. All syncs thereafter will be of incremental data.
detection_methodDetection method types for Wiz. Ex: 'AGENT', 'CLOUD', 'AGENT_CLOUD'.
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
statusStatus types for Wiz. Ex: 'OPEN', 'RESOLVED'.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
vendor_severityVendor severity types for Wiz. Ex: 'CRITICAL', 'HIGH', 'MEDIUM', 'LOW'
wiz.DetectionMethod
wiz.EntityType
wiz.NoteFilter
@Description Filter Issues with or without a note
wiz.RemediationFilter
@Description Filter Issues with or without remediation
wiz.ResolutionReason
wiz.RiskType
wiz.ServiceTicketFilter
@Description Filter Issues with or without related service ticket
wiz.StackLayer
wiz_audit_logs.SecretsConfig
APIKey for GreyNoise Community API
APIKey for GreyNoise Community API
wiz_audit_logs.SettingsConfig
tenant_data_centerDataCenter represents the tenant's data center location. Enter a tenant data center, e.g., "us1", "us2", "us3"
backfill_start_timeDate to start fetching data from up to 180 days. If not specified, a sync of 180 days back is fetched on the first sync. All syncs thereafter will be incremental.
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.
zendesk_audit_logs.AuthType
AuthType is the type of authentication used for the input
zendesk_audit_logs.SecretsConfig
APIKey for GreyNoise Community API
zendesk_audit_logs.SettingsConfig
auth_typeAuthType is the type of authentication used for the input
sub_domainThis is the subdomain found in your Zendesk account URL For example, if the URL is https://demo.zendesk.com then the subdomain will be demo
email_addressThis is the email address registered with your Zendesk account
Optional outbound request rate limit. Unlimited when unset. Zendesk's per-minute limit is plan-tier-specific (lowest tier 200/min), so a conservative shared ceiling is used to avoid capping higher-tier customers.
use_synthetic_dataGenerate synthetic demo data instead of connecting to the real data source.