Event Format: Changes on Access Rules Alerts
| Name | Type | Description | Example |
|---|---|---|---|
| specversion | string | The version of the Alert schema. | 1.0 |
| type | string | The type of the alert. | secureaccess.alerts.accessrulechanges.v1 |
| source | string | The unique label that describes the source of the alerts. | secureaccess.alerts |
| orgid | integer | The unique identifier of the organization. | 8332025 |
| integrationid | string | The unique identifier of the integration. | webhook.v1:c767741d-3f60-4050-acfe-1d8c07864f63 |
| id | string | The unique identifier for the alert. | 231eeb98-bb5f-515d-b62d-17f624790452 |
| time | string | The date and time when the system sent the event. The system reports the timestamp in the ISO 8601 format. | 2025-10-29T14:26:17Z |
| dataContentType | string | The type of the content in the alert message. | application/json |
| data | object | The properties of the data for the alert. |
data
| Name | Type | Description | Example |
|---|---|---|---|
| alerts | array | The list of Changes on Access Rules alert messages. |
data.alerts
| Name | Type | Description | Example |
|---|---|---|---|
| status | string | The label that describes the status of the alert. | Active |
| severity | string | The label that describes the severity of the alert. | Low |
| ruleName | string | The name of the alert rule. | rule one |
| ruleId | string | The unique identifier of the alert rule that triggered the alert. | 2048 |
| alertType | string | The type of the condition that triggered the alert. | More than 1 client using an API credential |
| redirectUrl | string | The URL of the alert rule in the Secure Access organization. | https://dashboard.int.sse.cisco.com/org/1234567/proactive-alert-management/rules/256 |
| time | string | The date and time when the system recorded the alert. The system reports the timestamp in the ISO 8601 format. | 2025-10-29T14:26:17Z |
| category | string | The description of the category of the alert. | API anomaly |
| changesMade | string | The label that describes the changes on the access rules. | Rule changed |
| alertId | string | The unique identifier of the alert. | 2048.8332025.1761747977000 |
| conditionsApplied | object | The properties of the conditions that triggered the alert. | |
| user | string | The user account that changed the access rules. | 1288271f-2d23-4619-9ecb-ab8428ede70e |
data.alerts.conditionsApplied
| Name | Type | Description | Example |
|---|---|---|---|
| conditions | array(string) | The description of the condition that triggered the alert. | Access rule : 1288271f-2d23-4619-9ecb-ab8428ede70e |