InlineAlarmDefinition1
{
"feature_name": "network_security",
"event_type": "security_policy_violation",
"feature_display_name": "Network Security",
"event_type_display_name": "Security Policy Violation",
"severity": "HIGH",
"summary": "Security policy violation detected on network interface",
"description_on_resolve": "The security policy violation has been resolved on interface {interface_name}",
"recommended_action": "Review security logs and adjust policy rules as needed",
"kb_article": "https://kb.vmware.com/s/article/12345",
"release_introduced": "1.2.0",
"event_resource_type": "network_interface",
"event_resource_type_display_name": "Network Interface",
"enabled": true,
"event_definition": {
"metrics_event_definition": {
"metrics_key": "system.cpu.usage",
"raise_threshold": {
"comparison": "string",
"value": "string"
},
"resolve_threshold": {
"comparison": "string",
"value": "string"
}
}
}
}The system name of the feature this alarm is associated with. This is a machine-readable identifier used internally by the system to categorize and organize alarms. Cannot be modified after creation.
The type of event that triggers this alarm. This is a machine-readable identifier used internally to classify different types of events that can trigger alarms. Cannot be modified after creation.
The human-readable, localized name of the feature this alarm belongs to. This name is suitable for display in user interfaces and documentation. Automatically set based on the feature_name and cannot be modified directly.
The human-readable, localized name of the event type that triggers this alarm. This name is suitable for display in user interfaces and documentation. Automatically set based on the event_type and cannot be modified directly.
The severity level of an alarm, indicating its importance and urgency:
- CRITICAL - Highest severity, requires immediate attention
- HIGH - Serious issue that should be addressed promptly
- MEDIUM - Important but not urgent issue
- INFORMATIONAL - Lowest severity, for awareness only
A brief human-readable overview of the alarm to summarize the alarms purpose at a glance.
A template for the description that will be shown when this alarm transitions to the RESOLVED state. May include placeholders for dynamic values enclosed in curly braces (e.g., {interface_name}). The placeholders will be replaced with actual values when the alarm is resolved.
Detailed steps or guidance on how to address and resolve the alarm condition. Should provide clear, actionable information.
URL to a Knowledge Base article providing detailed information about this type of alarm, including potential causes and resolution steps.
The version of Security Services Platform where this alarm definition was first introduced. Used for tracking alarm definition lifecycle.
The type of resource this alarm's events are associated with. This is a machine-readable identifier used internally.
The human-readable, localized display name for the event resource type. This name is suitable for display in user interfaces.
Controls whether new alarm instances can be generated from this definition. When false, the definition exists but will not generate new alarms.
Defines the conditions and criteria that determine when an alarm should be triggered. Currently supports metric-based event definitions that compare real-time metrics against defined thresholds.